The Parliamentary Select Committee hearings on the Bills to amend the 2003 GCSB Act and 2004 Telecommunications (Interception Capability and Security) Act have begun this week. There is much interest in the hearings not only because of the content of the Bills under consideration, but also because they are open to the public. The cast of characters scheduled to present is as colorful as it is deep: Kim Dotcom, the CTU, the Law Society, Internet NZ and several telecommunications firms are among those representing.
Even so, some of the public discussion surrounding the proposed reforms has been stunningly stupid. In recent weeks the Herald featured two editorials supporting the proposed changes. The first claimed that the changes would help prevent a Boston Bombing scenario (a claim that the Prime Minister has parroted; Winston Peters prefers to use the train station bombing hypothetical). That ignores the fact that US intelligence agencies could not do so even with their massive meta data-mining schemes and a tip from Russian authorities. Nor could they prevent the Fort Hood massacre even though the perpetrator was in regular email contact with an al-Qaeda leader in Yemen prior to the shooting.
Worse yet, the Prime Minister and others such as this editorial writer make it seem as if counter-terrorism is the primary function of intelligence operations. It is not. Traditional inter-state espionage, no matter what the technologies used, remain the major part of intelligence work. The counter-terrorism angle provides a convenient fig leaf for the expansion of intelligence networks and the scope of their authority, but in reality occupies a relatively small amount of intelligence resources and attention. This is particularly true for countries that are not on the front lines of the so-called “war on terrorism.”
The second editorial, by a supposed former intelligence officer, claimed that those who oppose the Bill are scaremongers and uninformed, even though the Law Society, Internet NZ and several other professional groups have registered their opposition on legal as well as technical grounds. The author also asserted that because civil servants drafted the proposed changes, we should accept them in good faith. Yeah right.
I beg to differ. There is clearly a need to “tidy up” the legal framework governing GCSB activities on home soil because under the current Act the role of the GCSB in domestic espionage is murky. But civil libertarians and privacy rights activists have legitimate reason to oppose the GCSB Bill in its present form.
The Bill expands the terms and conditions under which the GCSB can engage in domestic espionage, including reasons that have nothing to do with national security and for agencies unrelated to it. Those responsible for issuing the warrants under which the GCSB would â€œassistâ€ domestic agencies would be those who currently do so, in a cross-signed fashion in the case of spying on New Zealand citizens and residents. If the targeted entity falls under the foreign intelligence collection mandate of the GCSB (which targets â€œforeign entities,â€ in New Zealand, including private firms as well as diplomatic missions), warrantless intercepts can be authorized even if they extend to New Zealanders.
In light of past excesses and mistakes it is evident that leaving warrant issuance to the Prime Minister and a retired judge (the Commissioner for Security Warrants) is pure folly even when done in combination. These are the individuals who were on watch during the Dotcom raid and, in the case of the Prime Minister, claimed ignorance after the fact as to how and why the GCSB became unlawfully involved in it.
The definition of threat to national security under which the GCSB would act is too nebulous and broad to prevent mission creep into common law enforcement and encroachments on individual and group privacy. For example, under the proposed legislation the GCSB could assist the Department of Primary Industries to spy on environmental activists on behalf of fishing, logging or mining interests if their protests were deemed injurious to the economic well-being of the nation, which can be construed as a threat to national security under current definition of the term.
The oversight mechanisms proposed by the Kitteridge Report are a veneer on what currently exists. Even if bolstered by a Deputy and some additional clerical staff and funding, the Inspector General of Intelligence and Security is simply too dependent and too powerless to effectively serve as the overseer of the New Zealand intelligence community. Absent effective independent oversight such as that which could come by making the Inspector Generalâ€™s office a Department of Parliament responsible to a Parliamentary Committee with powers of compulsion under oath, the room for unaccountable manipulation of intelligence flows and analysis remains great.
The Telecommunications (Interception Capability and Security) BIll that accompanies the GCSB Bill is more draconian than similar legislation under the US Patriot Act. It compels telecommunications companies to provide access to their source and encryption codes (that is, provide warrantless access before the fact to private accounts when no threats are evident). It authorizes GCSB espionage operations without the consent of affected private entities as part of its â€œinformation assurance and cyber assuranceâ€ function, which is designed to safeguard a broadly defined information infrastructure consisting all forms of telecommunications emissions, systems and networks. In other words, one way or another the GCSB would have the ability to surreptitiously monitor all New Zealand based telecommunications regardless of whether or not they involved clear threats to national security.
Since New Zealand is not a major target of inter-state cyber espionage or in the so-called war on terrorism, that is an overreach. India, Brazil, Italy, Spain, Canada, Germany and many other democracies who arguably are much more at risk for espionage and terrorism do not have such legislation. In most the separation of foreign and domestic espionage is made quite clear in law, with the latter carried out mostly by the Police, national gendarmes or local investigative agencies with help from foreign-focused intelligence agencies only in the most exceptional circumstances (even then, agencies like Interpol exist as the first line of recourse used to facilitate international crime investigations).
What is the problem in requesting voluntary telecommunications company cooperation with national security investigations, particularly when they are clearly focused on clear and present threats? What telecommunications provider would refuse such a request, especially if issued under warrant specifying the reasons? If such a system works for the countries mentioned above, why can it not work here?
The official presumption in the T(ICS) bill that telecommunications firms need to be compelled rather than be allowed to voluntarily cooperate with intelligence agencies on matters of national security says more about the disposition of the government than it does about that of the firms involved.
By expanding the GCSBâ€™s domestic â€œassistanceâ€ role in two capacities (information assurance and cyber security to public and private entities as well as technical assistance to sister agencies), the proposed changes run the risk of deviating it from its main foreign signals intelligence and counter-cyber espionage efforts. It will add a further burden to it’s already stretched staff of analysts, engineers, linguists and cryptographers. Since increased funding and recruitment are circumscribed by the present climate of fiscal austerity, it does not appear likely that resources for the GCSB will be increased commiserate with the increase in its domestic assistance authority.
Interestingly, the GCSB and T(ICS) Bills were proposed soon after issuance of the Kitteridge Report on the GCSB, which was driven by the unlawful electronic monitoring of Kim Dotcom and associates by that agency. Given the level of detail in the Bills, that suggests that they were drafted before Ms. Kitteridgeâ€™s findings and recommendations were finalized. This contradicts the governmentâ€™s claim that the Bills came in response to the findings of that report.
In a world in which threats are increasingly â€œintermesticâ€ or â€œglocalâ€ in nature and in which the boundary between national law enforcement and international security is increasingly blurred, there is reason to adjust the legislative apparatus governing the role, scope and functions of the New Zealand intelligence community, including its international commitments. At present the GCSB and sister agencies appear rudderless, unsure of who and what purpose they serve, much less how they should prioritize their essential responsibilities.
This is why a full inquiry into the New Zealand intelligence community is needed before any reforms are made to its legal architecture, especially given that the last review of New Zealand intelligence operations occurred in the 1970s.
The inquiry could well start with exploring what New Zealandâ€™s threat environment consists of now and in the near to medium future, including proximate and distant threats of a physical (environmental and epidemiological), economic, military, diplomatic and criminal nature. It could then turn to outlining the specific meaning of â€œnational securityâ€ in light of these threats (with the balance between minimalist and expansive definitions of national security needing to be debated and precisely defined).
It might consider how current policy decisions or orientations can set the stage for the emergence or facilitation of future threats (such as by trying to play off trade and security relations with competing great powers as a form of hedging or strategic balancing act). Having done that, it could proceed to review the way in which the intelligence community operates so as to offer prescriptions for its better tailoring to the threat environment extant and foreseeable.
Much has happened since the last intelligence review, both in terms of the nature of national security threats as well as the technologies they employ and those used to counter them. It is therefore prudent to pause and review how New Zealand intelligence operations are conducted rather than rush to pass legislation that retroactively exculpates past unlawful behavior by the GCSB while expanding the reach of those who authorized it.
A short version of this essay appeared in the New Zealand Herald on July 2, 2013 under the title â€œGCSB bill going too far too fast.â€