Still the 5 Eyes Achilles Heel?

The National Cyber Security Centre (NCSC), a unit in the Government Communications Security Bureau (GCSB) dedicated to cyber-security, has released a Review of its response to the 2021 email hacking of NZ members of the Inter-Parliamentary Alliance on China (IPAC, a global organization of parliamentarians) and Professor Anne-Marie Brady, the well-known China expert and critic. A number of problems were identified, both operational and (yet again) with regard to accountability and transparency, so I thought I would briefly summarise them.

The Review states that too much focus was placed by the NCSC on “technical” solutions to the email phishing probes instead of considering the “wider” context in which the hacking occurred. In layman’s terms that is akin to saying that the NCSC got busy plugging holes in the parliamentary server firewalls after breaches were detected without considering who was being targeted and what purpose the hacking may have served. This is remarkable because the hacking came from APT-31, a unit linked to PRC military intelligence well known for having engaged in that sort of activity previously, in NZ and elsewhere. Moreover, the NCSC had to be alerted by a foreign partner that the email phishing efforts were part of a progressive hacking strategy whereby the ultimate target was not the emails of MPs but the IP addresses that were being used by those MPs. In fact, the NCSC currently does not have procedures for how to respond to reports that foreign, including state-sponsored, actors are targeting New Zealanders. The NCSC found out about the parliamentary email servers hacking from Parliamentary Services in the first instance, and then from foreign partner intelligence that was passed on to it by the NZSIS.

This is of concern for several reasons, not the least of which is that it took a foreign 5 Eyes partner to alert the NCSC to something that it should have been well aware of itself (progressive hacking), and because the NCSC initially assumed, for whatever reason, that the phishing was done by ordinary criminals rather than foreign intelligence units. It also assumed that MPs were already engaged in providing their own security, even after Parliamentary Services flagged potential breaches of its email servers to the NCSC. In fact MPs were apparently told more by Parliamentary Services than the NCSC about their being targeted (albeit after the fact), and the University of Canterbury, Professor Brady’s employer, apparently was never contacted about potential security breaches of their servers.

Since MPs may have sent and received emails from multiple IP addresses attached to their official and personal devices, the security breach implications of the email hacks could be considerable given the potential cross-over between personal and official MP communications. Put bluntly, it is incredible that a dedicated cyber-security unit that is an integral part of the GCSB and through it the Anglophone 5 Eyes signals/technical intelligence network did not consider the membership of the targeted MPs in IPAC and that the phishing occurred at the same time that Professor Brady’s emails were targeted (Brady is known to have close contacts with IPAC). This is basic 1+1 contextual stuff when it comes to operational security in cyberspace, so one gets the sense that the NCSC is made up of computer nerds who have little training in geopolitics, foreign policy, international relations or how the world works outside of WAN and LAN (hint: these are basic computer terms). They simply approached the hacking attacks as if they were plugging a leaking dike rather than consider what may be prompting the leaks and red-flagging them accordingly.

The advice given by the Review was for the NCSC to engage more with the targeted individuals in real time, who only found out about their exposure long after the fact. Moreover, the Minister of Intelligence and Security was not briefed on these intrusions, much like the targeted MPs and Professor Brady were not. Again, this defies the notion of democratic oversight, transparency and accountability within NZ intelligence agencies. Worse yet, it follows on the heels of revelations that for a few years a decade ago the GCSB hosted a foreign partner “asset,” presumably a signals or technical intelligence collection platform, at GCSB headquarters in Wellington without the knowledge of the then Minister or even the GCSB Director-General. Operational control of that platform, including specific taskings and targets, was exercised by the foreign partner. Imagine if one of the taskings was to geotrack a foreign human target in order to eliminate that target. If word was leaked about GCSB’s hosting of the tracking platform, it might cause some diplomatic tensions for NZ. At a minimum it is a violation of both NZ’s sovereignty as well as basic notions of intelligence agency accountability in a democracy. It seems that, almost a decade later, the much-vaunted reforms designed to increase intelligence community accountability embedded in the 2017 Security and Intelligence Act had not filtered down to the NCSC dike-plugging level.

This is a very bad look for the GCSB, both in the eyes of its domestic clients as well as those of its 5 Eyes partners. NZ already had a reputation for being the “Achilles heel” or “weak link” of the 5 Eyes network due to its lax security protocols and counter-intelligence capabilities. This may only confirm that belief in spite of significant efforts to upgrade GCSB capabilities and toughen up its defences, including in cyberspace. And, judging from the reactions of the targeted MPs and Professor Brady, domestic clients of the NCSC, who are both private and public in nature, may not feel too reassured by the Review and its recommendations.

It is known that the GCSB is made up of an assortment of engineers, translators and computing specialists. It has a remit that includes domestic as well as foreign signals and technical gathering and analysis, the former operating under the framework of NZ law under the 2017 Act (most often in a partnership with a domestic security agency). This brings up a question of note. If the staff are all of a “technical” persuasion as described above, then it follows that they simply adhere to directives from their managers and foreign partners, collect and assess signals and technical intelligence data as directed by others, and do not have an in-house capacity to provide geopolitical context to the data being analyzed. It is like plugging leaks without knowing about the hydraulics causing them.

In that light it just might do good to incorporate a few foreign policy and comparative political analysts into the GCSB/NCSC mix given that most of NZ’s threat environment is not only “intermestic” (domestic<–>international) but “glocal” (global and local) as well as hybrid (involving state and non-state actors) in nature. Threats are multidimensional and complex, so after the fact “plugging” solutions are temporary at best.

Given their diversity, complexity and sophistication, there are no “technical” solutions that can counter contemporary threats alone. Factoring in the broader context in which specific threats materialise will require broadening the knowledge base of those charged with defending against them or at a minimum better coordinating with other elements in the NZ intelligence community in order to get a better look at the bigger picture involved in NZ’s threat environment.

The NCSC in-house Review is silent on that.

Media Link: “A View from Afar” on the moment of friction, and more.

After a hiatus of over four months Selwyn Manning and I finally got it together to re-start the “A View from Afar” podcast series. We shall see how we go but aim to do 2 episodes per month if possible.

Here we start off with a catch up on events since the last podcast of 2023. Selwyn liked the KP moment of friction post from April 1, and so we used it as the stepping stone into a discussion that incorporates material from several recent KP posts and other news. I hope that you find the podcast of interest. You can find it here.

Arguing about a moot point.

I have been following recent debates in the corporate and social media about whether it is a good idea for NZ to join what is known as “AUKUS Pillar Two.” AUKUS is the Australian-UK-US nuclear submarine building agreement in which the US and UK will provide Australia with the know-how and training on how to build and operate a small nuclear submarine fleet beginning in the 2030s. It has two components.

Pillar One involves the submarines themselves, which will be home ported at HMAS Stirling outside of Perth. Beginning in 2027 US Virginia-class and UK Astute-class attack subs (from which the future AUKUS-class Australian submarines will incorporate design features) will start rotating through HMAS Stirling so that Royal Australian Navy (RAN) and civilian personnel at HMAS Stirling can become familiar with nuclear submarine technologies and home port surface operations. The US will sell Australia up to three Virginia-class Block IV and Block VII subs beginning in the early 2030s and delivery of five new AUKUS submarines (designated as SSN-A’s) will begin in the mid 2040s. RAN crews are already attending the US Navy nuclear propulsion school in South Carolina and they will also join UK and US Astute- and Virginia-class boats on deployments as a part of their training. The project envisions the Royal Navy receiving SSN-A boats to replace their Astute-class fleet beginning in the early 2030s, and for the RAN to have a nuclear fleet of eight boats by 2050. Although nuclear propelled, they will not be nuclear armed. They are attack submarines whose main roles are to kill other submarines, surface vessels and land-based targets with conventionally armed torpedoes and cruise missiles. They are also tasked with intelligence-gathering missions involving technical, signals and even human collection methods.

Pillar Two of the AUKUS agreement involves complex technology research, development and transfers. The primary areas of focus will be on computer and cyber technology (including Artificial Intelligence, Quantum Computing and classified undersea technologies), hypersonic and counter-hypersonic platforms (already in progress), and Radar Capability, including the Deep Space Advanced Radar Capability (DARC) that will see tracking stations built in the Pillar One Countries. Pillar Two is designed to move beyond basic systems interoperability between the military allies, which is already in place, and integrate the military-industrial complexes of the three partners in ways that will not only lead to more seamless integration of complex technologies but also help create and expand high tech development hubs in each country, but especially in Australia and the UK. This is seen as having tremendous “trickle down” benefits for the civilian economies of each country as the flow-on effects of Pillar Two ripple into related industries up and down the supply, service, and delivery chains and their associated labour markets.

In March 2023 then Defense Minister Andrew Little of the Labour Party said that NZ was interested in discussing potential involvement in the non-nuclear aspects of Pillar 2, and in July 2023 US Secretary of State said that the “door was open” for countries like NZ to join the agreement. In December 2023 new Prime Minister Christopher Luxon reiterated his government’s interest in potentially joining in the non-nuclear aspects of Pillar Two, something that was followed by an announcement in February 2024 by Australia that it would begin to brief NZ officials on developments with regard to Pillar Two. However, after losing the October 2023 election the Labour Party reversed course and announced its opposition to participating in Pillar Two, and even the Grande Dame of the Labour Party, former NZ Prime Minister and UNDP chief Helen Clark, came out strongly against it. She has been joined in her opposition by a number of prominent NZ academics, peace, non-proliferation and disarmament campaigners, human rights and environmental activists, civil society organisations and left political movements as well as former diplomats.

Their concerns range from not wanting to jeopardise NZ’s trade relationship with the PRC, which has strongly denounced AUKUS as a provocative attempt to militarily counter and encircle it in the Western Pacific (and there is truth to that), which has a history of using trade as a retaliatory weapon in order to show its displeasure with other State’s behaviour, and upon which NZ is significantly trade-dependent, to fears of a nuclear arms race and/or great power conflict in the Southwestern Pacific that would have a disastrous impact on Pacific Island societies, economies and environments.

That latter point is significant because the permanent basing of nuclear submarines at HMAS Stirling appears to be in violation of the 1997 Treaty of Rarotonga declaring the South Pacific to be a nuclear-free zone. The maps of the South Pacific nuclear-free zone attached to the Treaty include the Australian West Coast fronting the Indian Ocean, and the Treaty prohibits the storage of significant quantities of fissile material or nuclear-processing facilities within the Zone. So the AUKUS agreement is seemingly in violation of the Treaty, which if so sets a dangerous precedent (AUKUS supporters claim that at worst the signatories exploited loopholes in the Treaty that make the agreement compliant with it). This can now open the door for other States to station nuclear powered submarines in the region, say for example, the French in New Caledonia or French Polynesia or the PRC in the Solomon Islands (thanks to the recently signed bilateral security agreement between the two countries). That would not be good from a strategic or arms control standpoint and would fulfil the darkest dreams of the non-proliferation community.

These opposition voices are countered by security experts and conservative political observers who see closer relations with AUKUS as enhancing NZ’s security in a rapidly deteriorating international security environment (in which militarily aggressive Russia and the PRC are seen as leaders of an authoritarian, anti-democratic, anti-Western bloc emerging from the Global South), and which also has great economic benefits for NZ should it join Pillar Two.

That is the foundation of the debate I mentioned at the beginning of this essay. Put crudely, Lefties do not want NZ involvement in Pillar Two. Righties do.

All of this seems to me to be a bit of a moot point. I hopped on the consultancy social media account to outline two reasons why, and I have expanded them below.

First: the NZDF and GCSB (as part of 5 Eyes) will share AUKUS-related military technology and signals and technical intelligence collection advances because of their ongoing integration with Australian and US maritime operations and 5 Eyes partnership, especially when it comes to Western Pacific Anti-Submarine Warfare (ASW) roles. The incorporation of new P-8 long range patrol and ASW aircraft into the RNZAF and upgrades to the RNZN frigates have been done with that complex interoperability in mind. The NZDF already uses the principle of interoperability when working alongside its military partners–the US, UK and Australia being foremost among them– so whatever systems integration upgrades that result from AUKUS will be shared with NZ in any event. As it is, the NZDF already communicates with US and Australian submarines as a matter of course, so it will continue to do so once the nuclear-propelled ships come on board (remember that submarine hunters and surface patrol platforms need to distinguish friend from foe, and the best thing to do in that case is to ask upon contact or be alerted in advance by friendly forces). So as far as non-nuclear military technology sharing with the NZDF goes, it is a done deal. NZ does nothing (at least publicly) and yet it still gets to play with the military “big dogs.”

Also keep in mind that submarines are excellent signals intelligence collection or intercept platforms, particularly when it comes to undersea fiberoptic telecommunications cables. So upgrading to nuclear powered subs by the RAN will expand the range and operational capabilities of its maritime signals intelligence collection platforms as well as improve its ability to monitor hostile naval movements above and below the water line. The NZDF and GCSB will benefit from that, again, without having to do anything different than what they are doing already but with improved intelligence-gathering capabilities as a result.

Secondly, Australia, the UK and the US high technology sectors will not gift NZ firms a slice of the Pillar 2 pie for competitive and political reasons. Why allow the small high technology sector of a non-nuke “freeloading” country to benefit when AUKUS firms can benefit instead? Plus, AUKUS high technology sectors employ voters, have entrepreneurial lobbies and involve established economies of scale, so why share the Pillar Two market with what essentially would be a start-up upstart that has no political influence and electoral impact in the AUKUS countries themselves?

In effect, for operational as well as economic and political reasons, NZ involvement in Pillar Two is improbable. It will be briefed about Pillar Two as announced, but an invitation to join the endeavour faces opposition both from within and from without NZ. It therefore seems that the current government is engaging more in political and diplomatic posturing when it speaks of NZ’s involvement in Pillar Two rather than realistically assessing the prospects of that ever happening.

In that light, perhaps the fears of Pillar Two opponents are overblown?

A moment of friction.

In strategic studies “friction” is a term that is used to describe the moment when military action encounters adversary resistance. “Friction” is one of four (along with an unofficial fifth) “F’s” in military strategy, which includes force (kinetic mass), fluidity (of manoeuvre), fog (of battle) as well as uncertainty (of outcomes, which is usually referred to in military circles as the “oh F**k” factor). Friction comes from many causes, including terrain, countervailing force, psychological factors, the adversary’s broader capabilities and more. As German strategist Karl von Clausewitz noted, friction can be encountered at the three levels of warfare: strategic, operational and tactical. In other words, “Clausewitzian friction” is not just confined to the battlefield.

The notion of friction is drawn from the physical world and has many permutations. It is not confined to one particular element or dimension. It is about opposition, even if of similar elements or forces, including the element of will. For example, when they meet, fluids and air of different weights create turbulence. Fire on different fire extinguishes or expands. Earth on earth leads to crumbling or inertial momentum. The product of the combination of these physical forces, say fluid on air or earth or fire, depends on the relative weight of each. The same goes for psychological factors in human contests. Mutatis mutandis (i.e., with the necessary changes having been made), this is applicable to international relations. It may seem like a conceptual stretch but I see the use of the notion of friction in terms of international relations more as an example of conceptual transfer, using Clausewitz as a bridge between the physical and the political/diplomatic worlds (more on this later).

In the past I have written at length about the systemic realignment and long transition in post Cold War international relations. The phrase refers to the transition from a unipolar post-Cold War international system dominated by the US (as the “hegemon” of the liberal internationalist world order) to a multipolar system that includes rising Great Powers like the PRC and India and constellations of middle powers such as the other BRIC countries (Brazil, Russia, South Africa and recently added members like Egypt, Iran, Saudi Arabia, the UAE, Ethiopia and perhaps Argentina (if it ratifies its accession)) as representatives of the rising “Global South.” In spite of their differences, these rising power blocs are counterpoised against what remains of the liberal institutionalist order, including the EU, Japan, South Korea and Australia. I have noted that the long moment of transition is characterised by international norm erosion and increased rule violations and the consequent emergence of conflict as the systems regulator until a new status quo is established (and from which that new status quo emerges). That conflict may come in many guises–economic, diplomatic, cultural and, perhaps inevitably, military or some combination thereof. When conflicts turn military, the moment of force has arrived. And when force is met by opposing force, then friction is inevitable.

Here I extend the notion of friction to include the international moment that we are currently living in. That is, I have conceptually transferred the notion of friction to the international arena because “transfer” in this instance means applying the notion of friction to a wider environment beyond the physical plane without distorting its original meaning. That allows me to avoid the methodologically dubious practice of conceptual stretching (where a term is stretched and distorted from its original meaning in order to analytically fit a different type of thing).

The long transitional moment is what has taken us to this point and allowed me to undertake the transfer, and it is here in the transitional trajectory from unipolar to multipolar international systems where the future global status quo will be defined. It is a decisive moment because it is the period where force has become the major arbiter of who rises and who falls in the systemic transitional shuffle. Given that there are many competitors in the international arena who are capable and willing to use force as well as other means to advance their interests, I suggest that the global community has reached its moment of friction, that is, the turning point in the long transitional process. Everything that has come before was the lead-in. Everything that comes after will be the result of this conflict-defined moment.

It is no exaggeration to write this. Besides the Russo-Ukrainian war and the Israel-Hamas war, there is the armed stand-off in the Red Sea between Iran-backed Houthis and a naval coalition led by the US, the ongoing skirmishes between PRC naval forces and those of the Philippines, Vietnam and Western naval forces as well as the PRC military threats to Taiwan, the Israeli-Hezbollah conflict along the Israel-Lebanon border, Islamist violence in the Sahel and Eastern Africa as well as in Russia, Afghanistan, Pakistan and other parts of Central Asia, ongoing conflict in Syria between Assad’s Russian-backed forces, the remnants of ISIS and Western-backed rebels, the Turkish-Kurd conflict along the Turkish, Syrian and Iraqi borders, the civil war in Libya, escalating fighting between the Democratic Republic of Congo and Rwanda over mineral rich areas in and around the eastern Congolese city of Goma (in which private military companies and irredentist militias are also involved), narco-violence in Latin America that has reached the level of challenging state monopolies over organised violence in places like Ecuador and parts of Mexico, piracy in the Indian Ocean and in the Malacca Straits, cross-border ethno-religious conflict in Afghanistan and Pakistan, ethnic cleansing in Myanmar, the PRC and Gaza, tribal conflict in Papua New Guinea and more. Norms and rules governing interstate as well as domestic forms of collective behaviour are honoured in the breach, not as a matter of course. Individuals, groups and States are increasingly atomised in their perspectives and interactions and resort to the ultimate default option–conflict–to pursue their interests in the face of others’ opposition.

Friction extends to economics. The era of globalisation of free trade has ended as nations revert to post-pandemic protectionism or focus on “near-” and “friend-shoring” in order to avoid supply chain bottlenecks resultant from commodity production concentration in a small number of countries. Although not a trade pact strictly speaking, the PRC Belt and Road Initiative undermines Western trade agreements like the TPPA and lesser regional arrangements because it ties developmental assistance and financing to Chinese industries and markets. Intellectual property and technology theft is widespread despite international conventions against them (and not just by the PRC). The era of Bretton Woods is over and the agencies that were its institutional pillars (like the World Bank, IMF and regional agencies such as the IADB and ADB) are now increasingly challenged by entities emerging from the Global South like the China Development Bank and BRICS common market initiatives.

In addition, as part of international norms erosion and rules violations, many diplomatic agreements and treaties such as those prohibiting the use of chemical weapons and even genocide are also now largely ignored because, in the end, there is no international enforcement capability to reinforce what is written. The International Court of Justice and International Criminal Court can impose sanctions and issue arrest warrants but have no enforcement authority of their own. The UN can authorise peace-keeping missions and issue resolutions but is subject to Security Council vetoes on the one hand and belligerent non-compliance on the other (besides Israel ignoring UN demands for a cease-fire and humanitarian pauses in Gaza, people may forget that there are UN peace-keeping missions in the Sinai, Golan Heights and Israel-Lebanon border, including NZDF personnel among them, because these “blue helmet” missions have had no ameliorating impact on the behaviour of the participants in the Israel-Hamas-Hezbollah-Syria conflict). Adverse rulings in international courts have not stopped the PRC island-building and aggressive military diplomacy in the South China Sea. The examples are many. Given that state of affairs, States and other actors increasingly turn to force to pursue their interests.

Whatever restraint was promoted by the laws of war and international conflict-resolution institutions during the post-Cold War interregnum has been abandoned or become exceptions to the new anarchic rule. One might even say that the international community is increasingly living in a state of nature, even if the terms “anarchy” and “state of nature” are loose interpretations of what Hobbes wrote about when he considered the Leviathan of international politics. But the basic idea should be clear: the liberal internationalist system has broken down and a new order is emerging from the conflict landscape that characterises the contemporary international arena.

Again, the friction is not just things like the military confrontations between Russia, Russian and Iranian-backed proxies in the Middle East and the PRC against a range of Western and Western-oriented nations in the Western Pacific. The BRICS have proposed to develop a single unitary currency to rival the Euro and are openly calling for a major overhaul of international organizations and institutions that they (rightfully so) see as made by and for post-colonial Western interests. But the question is whether what they have in mind as a replacement will be any better in addressing the needs of the Global South while respecting the autonomy of the Global North. My hunch is that it will not, and will just add another front to the moment of friction.

I shall not continue enunciating the reasons why I believe that we have arrived at an international moment of friction (e.g. cultural degradation and social vulgarisation, etc.). That is because I cannot specify what will come given that push has now led to shove, nor can I offer a solution set to the problems embedded in and underwriting this sorry moment. What I can say is, just like the fact that we need to learn to embrace uncertainty in the transitional process since outcomes are not assured and guarantees cannot be offered (although some industries like tobacco, liquor, weapons and insurance all profit during times of uncertainty and market hedging strategies become the common response of risk-averse actors to uncertain economic times, so can be calculated or anticipated), so too we must, if not embrace, then learn to prepare for an era in which friction will be the dominant mode of international transaction for some time to come.

For small countries like NZ, repeating empty mantras about foreign policy “independence” no longer cuts it even as a slogan. The moment of international friction poses some existential questions about where NZ stands in the transitional process, how it will balance competing international interests when it comes to NZ foreign and security policy, and about who to side with when conflict comes.

Because it will.

Forget the date. This is no April Fools joke.

Reminder: “Frenemies” are not friends.

News that the Chinese APT 40 cyber-hacking unit penetrated parliamentary internet networks in 2021 has renewed concerns about the PRC’s malign intentions in Aotearoa. But is the hack that significant given the length of time that has passed since its discovery and the lack of sensitivity of the information that was accessed? I was asked to write about this for a corporate news outlet but since it is my work I have added some details and posted it here.

The hack is unsurprising given that NZ is a 5 Eyes partner and parliamentary services and the parliament counsel’s office handle sensitive information as a matter of course. NZ may be a trading partner of the PRC but is in essence a security adversary given its membership in 5 Eyes and its close military alignment with the US, Australia and other Western states that are (whether rightly or wrongly) hostile to PRC power-projection world wide. Since the PRC is a main focus of 5 Eyes signals and technical intelligence collection, it would be remiss for APT 40 to ignore potential avenues of exploitation when it comes to obtaining political or security-related intelligence in NZ. That is part of their mission, and complements the well-known presence of numerous PRC human intelligence agents in this country.

It is therefore reassuring that the GCSB National Cyber Security Centre (NCSC) discovered the hack and found that no strategically important or sensitive information was breached. We shall have to trust them on that. However, that does not mean that this will be the last time APT 40 or some other PRC cyber-hacking unit will attempt to breach NZ government and private cyber defences. That is what they do, and because NZ has in the past been seen as the Achilles heel of the 5 Eyes network due to traditionally poor cyber security practices, it will likely do so again. This is an ongoing problem that the NCSC was created to address, but the offence versus defence dynamic inherent in (cyber) espionage and warfare is still in play and will continue to be so for the foreseeable future.

Some have suggested that NZ impose sanctions on the PRC in response to the parliamentary cyber intrusion. The US and UK have announced such measures due to similar PRC behaviour with regard to them (more on this below). However, for NZ that would be a mistake because sanctions at this point would be counter-productive. First, because it would be akin to poking a tiger and invite disproportionate retaliation over what is a relatively minor transgression in the broader scheme of things. Since NZ has yet to wean itself off of its self-made PRC trade dependency, it cannot afford to alienate it just yet, if ever, over an intrusion of this order.

Secondly, these types of breaches are usually handled quietly so that the offending party is not completely sure of how and why they were thwarted or countered. In other words, the GCSB does not want to show its hand when it comes to its counter-hacking capabilities. That the breach occurred in 2021 and only has been acknowledged now indicates that the GCSB feels that enough time has elapsed for operational security concerns to be ameliorated and a “fair warning” issued to the hackers that they are being identified, traced and countered. So there is no need to cause an inevitably damaging public spat with a much more powerful interlocutor. For all the coziness of the 5 Eyes members, no one will come to NZ’s economic rescue if the PRC decides to take punitive economic measures against NZ in the event that NZ tries to impose sanctions of some sort on its largest trade partner.

The timing of the GCSB announcement about the 2021 hack is also coincident with the US publishing the identities of ATP 40 hackers targeting US infrastructure and Australia and the UK warning of their and other Chinese political interference efforts in strong terms, with particular focus in the UK and US on PRC hacker compromises to voting systems in election years in both. The timing of the announcements about PRC hacking efforts therefore seems to be a 5 Eyes-coordinated “shot across the bow” that gives warning to ATP 40 and their counterparts that the times of easy access to critical data infrastructure, even if indirectly and even in NZ, are over.

But that may be all that it is and not, at least in NZ’s case, a reason for NZ to escalate the matter beyond what it already has said and done. Chinese diplomats have been summoned to MFAT for a “please explain” and scolded for ATP 40’s misbehaviour. The PRC Foreign Ministry has rejected the accusations and warned about scurrilous attempts to besmirch the PRC’s good name. Perhaps it is time to let the dogs go back to sleep.

It remains to be seen if this type of State-backed cyber-probing ends because if nothing else the PRC hacking community is ingenious, well resourced and persistent. For them, this is part of the PRC’s ascent to having a multi-dimensional (voice and cyber encrypted communication intercept, physical and infrared (thermal) imagery acquisition, submarine fiberoptic cable “tapping” capabilities, etc.), broad spectrum, multi-domain (air, land, sea, space, cyber) warfare infrastructure on its way to achieving superpower status. As part of 5 Eyes, NZ is standing (albeit in a small way) in the way of that goal. It was and is bound to be an ongoing target of Chinese espionage efforts, including in the cyber domain.

Ultimately the revelations about ATP 40’s operations in NZ are a reminder against cyber complacency at home and at work, be it in the public or private sectors. This is very true when dealing with so-called “frenemies,” that is, States with which NZ has cordial, even friendly relations on the public surface but with which underlying value systems and security relations are incompatible, strained or even hostile. So long as NZ is a member of the 5 Eyes network and the PRC is an adversary and target of that network even if it is NZ’s largest trade partner, ATP 40 and other PRC intelligence units will be hard at work seeking to discover and exploit any potential avenues of opportunity in NZ cyber-space as well as in other domains. It may be that in the past “loose lips sunk ships,” but in the contemporary era all keystrokes, phone calls, encrypted messages, Tik Toks and Instas are also grist for the intelligence mill—and exploitable as such.

An earlier version of this essay appeared on March 27, 2024 in the NZ Dominion Post (the-post.co.nz, p.19) and affiliated media outlets.

Unnoticed guests.

The Inspector General of Intelligence and Security (IGIS) recently released a report in which he exposes the existence of a foreign intelligence partner-controlled technological “capability” inside the headquarters of the GCSB, NZ’s 5 Eyes-affiliated signals intelligence collection and analysis agency. The memorandum of understanding (MOU) governing the way in which this “capability” was used was negotiated from 2008 through to 2012, and the system went operational in early 2013. It continued to operate until 2020, when it supposedly suffered a systems failure and the equipment was removed.

The IGIS became aware of its existence while investigating an unrelated, different foreign partner-operated “capability” in the GCSB in recent years. What he found about the 2013-2020 “capability” was troublesome on several levels.

At a broad level, the IGIS appears to have indirectly confirmed what Edward Snowden revealed when he defected and leaked thousands of classified documents to investigative journalists in 2013. Those documents included descriptions of signals intercept programs such as XKeyscore, Speargun, Cortex and Prism, all of which were unknown to the public or most political leaders at the time and one of which may be the “capability” in question.

Negotiations over the MOU and entering into service of the “capability” occurred during the first two National-led Key governments. Key was the Minister for Intelligence and Security as well as PM at the time. The MOU assumed that the Minister of the day and perhaps cabinet would be informed of the “capability” following the “no surprises” policy in the Cabinet Manual regarding sensitive, controversial or security-related matters. The MOU specified that the GCSB would be informed of what the “capability” was doing in real time, what its end products/outputs were and to what purposes it was being used. The MOU was also supposed to be reviewed on a regular basis, but in fact it never was.

The “capability” was not a collection technology but an analytic mechanism to which the GCSB delivered collected inputs (intercepts) from a variety of sources. From time to time the foreign partner agency would send emails requesting “feed” settings changes on the “capability” that were done by GCSB personnel. The IGIS found evidence of 45 of these but believes there were more that went unrecorded due to faulty or patchy record keeping and, most troubling, the foreign partner agency unilaterally changing the “feed” settings on the “capability” from a remote location without notifying the GCSB.

That is just part of the problem. Whatever was intended to happen according to the MOU, in practice the Minister responsible for the GCSB–John Key in the first instance–was apparently never informed of the “capability’s” existence. Nor were any other members of the political leadership, even after the Intelligence and Security Ministerial position was divided into two (one responsible for day-to-day oversight and the other a more general steering role). Worse yet, the senior GCSB leadership after 2013 were also kept in the dark about the “capability’s” existence. Some of that may have been due to the revolving door nature of the Director General’s (DGGCSB) position after the Kim Dotcom illegal spying fiasco of the early 2010s, where general “authorisations” were rubber-stamped by incoming DGGCSBs without paying attention to the details of what was being authorised. It is also possible that lower level technicians with hands-on roles regarding the “capability” assumed that middle management kept their superiors in the chain of command informed about the “capability” and its operational status when in fact no senior leader was the wiser about the system after it came on line. In addition, hosting of the foreign partner’s “capability” was within the law according to the 2003 GCSB Act regarding foreign intelligence sharing even if the GCSB leadership and political decision-makers were not informed about its presence. Everything was lawful and yet in violation of the MOU regarding the duty to keep Ministers and senior agency leaders informed.

Beyond that, problems remained. No legal framework or organisational protocols were developed regarding the “capability’s” usage. In fact, unlike another NZ intelligence partner country that had a similar technology installed on its soil, there were no institutional and legal frameworks developed by the GCSB and Crown Law to specifically govern the operation of the “capability.” That meant that the “capability” was used without regard to NZ law and international legal commitments.

As an illustration of what could go wrong with this arrangement consider the following. The IGIS repeatedly mentions in his report the possibility of data from the “capability” being used for military purposes, targeting in particular. Even though “targeting” can refer to a number of intelligence-related activities beyond kinetic strikes against physical objects, the possibility remains that NZ hosted a technology that in fact may have been used to do so. Imagine a drone strike in Afghanistan using GCSB-collected data that was analysed and “packaged” by the foreign intelligence partner-operated capability located on NZ soil. Imagine that the drone strike wound up killing innocents as well as intended targets. That makes NZ culpable as an accomplice of war crimes because it was part of the kill chain even if it was not aware of being so.

That brings in the second troublesome aspect of the issue. Whatever the MOU intended, in practice the GCSB had no operational control over how the “capability” was used or what its end products were. Instead, it served as a type of maintenance engineer, maintaining the platform and changing “feed” settings on it upon request (and sometimes not even being aware that the settings were changed remotely). Evidence of the latter only became apparent when GCSB personnel noticed unexplained data outflows at odd times in which there were no setting change requests. Although this was discussed internally by those involved with the “capability,” it was never brought to the attention of the agency’s senior leadership, much less the Minister. It was only discovered by the IGIS during the course of his post-2020 investigations.

In effect, the problem with the arrangement governing the “capability” installed within GCSB headquarters in 2012 was two-fold: on an internal level there was no vertical accountability to their superiors inside and outside of the GCSB from those responsible for handling the technology. This is a gross violation of basic principles of democratic oversight of intelligence operations, where senior intelligence professionals and the decision-making politicians elected by the public are supposed to take responsibility for whatever choices are made regarding intelligence matters. In this instance both the political and civil service leaderships were ignored by their GCSB subordinates, who ran what could be called a type of “dark” operation within an already opaque agency when it comes to revealing or acknowledging its activities.

The second problem is one of sovereignty. The GCSB hosted a foreign espionage platform operated by an intelligence partner country without any meaningful level of scrutiny or control, legal or practical, over what that platform did. The GCSB knew about its technological attributes but little more, and certainly knew nothing about its uses and end products until, at best, after the fact (in just one instance as far as the IGIS could determine). Although the IGIS report does not mention the possibility, it is known that US personnel are regularly stationed at GCSB facilities and, according to the report, were involved in training GCSB personnel in the operation and maintenance of the “capability.” If US (presumably NSA) officers were inside the GCSB and involved in running the “capability” without the knowledge of GCSB leaders and the Intelligence and Security Minister, then the infringement on NZ sovereignty was great.

Think of it this way. Imagine that the CIA sent an undercover officer to work from within the SIS on a project tasked by the CIA. Although the MOU governing his/her work stated that the SIS would know about his/her activities and regularly review them, the SIS had no idea what the CIA officer did although it regularly provided him/her with various spycraft tools of the trade. The CIA officer answered and provided human intelligence to the CIA, which did not share with the SIS how the intelligence was used or what its end product or output was. The SIS “handlers” of the CIA officer did not inform their superiors about his/her presence and no one told the responsible Minister that s/he was even in NZ. How would people react to such news? Well, that is what has been revealed about the GCSB foreign “capability” program from 2013-20.

The irony is that had the “capability” been revealed to the responsible Ministers and GCSB leadership it would have most likely been approved given the nature of the NZ governments during that period and importance of NZ’s relationship with its 5 Eyes partners. Or, given how he governed, perhaps John Key told the GCSB that he did not want to know about sensitive operational matters because it gave him plausible deniability when asked about them. Maybe there was a bit of truth in both possibilities. Who knows?

Another interesting aspect to this story is that it is very possible that the “capability” was installed at the GCSB headquarters in Wellington because NZ’s looser intelligence and security laws at the time made it easier for the foreign intelligence partner to circumvent its own laws regarding certain types of signals intercept collection and analysis. The Snowden leaks detail instances of “bulk collection” and other types of wholesale metadata gathering that, much like some types of mass surveillance, violate the right to privacy and presumption of innocence in most democracies. The IGIS report actually mentions metadata collection, albeit without specifics. It is therefore possible that the foreign intelligence partner took advantage of NZ’s looser oversight and legal control regime in order to do what it could not do at home.

One positive discovery by the IGIS was that as far as he could tell the “capability” was not used on NZ citizens or permanent residents. That reinforces the notion that the targets of the “capability” were foreign as well, military or not. Again, Snowden’s leaks alluded to this.

When the 2017 Intelligence and Security Act was promulgated, which superseded previous legislation like the 2003 GCSB Act and brought various legal artefacts into one body of legislation, things appear to have begun to tighten when it comes to internal oversight mechanisms within the GCSB and the SIS. Former GCSB Acting Associate Director General (and later SIS Director General) Rebecca Kitteridge and former Inspector General of Intelligence and Security Cheryl Gwyn were instrumental in this regard and met concerted resistance from the “old boys” ranks within both agencies. Although they resisted so-called “bureaucratic capture” by spy agency “old boys,” institutional inertia was great and it ran against them. They made significant inroads when it came to reforming institutional culture and practices, but much more remains to be done.

Here the troubling aspect is also double-sided. On the one hand the culture of impunity within these agencies continues to exist, even if in diluted form. The IGIS had great difficulty obtaining records, documents and truthful statements about and from those involved with the 2013-20 “capability.” Even after leaving the GCSB, some claimed to not recall its existence even though they were directly involved with it. This indicates that they are more loyal to each other and their foreign partners than to the governments of the day and the people who paid their salaries when in government service. Wellington, there is a problem.

The second difficulty is that for all the tightening of internal oversight mechanisms, there still is no effective external oversight of the NZ intelligence community, and particularly of operational agencies like the GCSB and SIS. The parliamentary committee on Intelligence and Security remains a toothless gab-fest with no powers of compulsion under oath or any other form of disciplinary enforcement powers levied on intelligence agencies for a lack of institutional candor or cooperation. Legal punishments for these agencies for breaking the law are limited to small fines and no personal punishments. That means that the bureaucratic culture of impunity within some elements of the intelligence community is rewarded rather than constrained because, quite frankly, agency personnel can get away with things that the rest of us cannot because they are the so-called “keepers of the secrets.”

As things stand, as far as the IGIS report mentions, none of those responsible for managing the “capability” have been held to account or disciplined in any way. The suggested agency reforms proposed by the IGIS, all accepted by the GCSB, do not address the issue of individual discipline or accountability. It seems that impunity is its own reward.

This extends to their incompetence. One of the provisions of the Royal Commission on the Christchurch terrorist attacks was that no one within the intelligence and security communities would be held responsible for failures of a personal or institutional nature. This was supposedly done to encourage people to talk freely about what was and was not known in the lead-up to the attacks, but instead what resulted was a highly sanitised whitewash of bureaucratic and personal responsibility for the intelligence failures that facilitated the carrying out of one of NZ’s worst mass killings in modern times.

In effect, the story about this foreign intelligence “capability” secretly operated from within the GCSB is one about violation of basic principles of democratic oversight of intelligence agencies, of an abdication of sovereignty to a foreign power when it comes to intelligence collection and analysis, and above all, of an ongoing culture of impunity within NZ intelligence agencies that do not appear to have learned the right lessons from the Zaoui, Dotcom or March 15 cases when it comes to behaving ethically and taking responsibility for the actions or inactions taken on their watch.

Which begs the question: in spite of all the post 2017 tightening of internal oversight mechanisms, will it be a matter of when not if before history repeats when it comes to an intelligence agency scandal?

Another Brief on Intelligence Matters.

Although my son is still in hospital he is recovering well and should be sent home soon. We dodged a bullet thanks to the Starship medical staff.

While at the hospital a reporter from one of Argentina’s oldest and most influential papers got in touch with me to discuss the case of the Russian double agent (for the UK) Sergei Skripal and his daughter, who were poisoned some years ago by Russian agents but survived and then disappeared. Some time ago they were reported to be hiding in NZ and I was asked about that by various media, and the Argentine reporter had seen some of the news coverage that mentioned me. He was most focused on the details of the case and whether the Skripals could still be in NZ if they ever were. But before that he wanted a primer on intelligence operations. Here is the Q&A in English.

Why do countries spy and why do they react negatively to being spied upon? What is intelligence collection and what type of people are selected to become intelligence agents?

Espionage and intelligence-gathering is rooted in human nature. Humans fear uncertainty, and a way to diminish uncertainty is to gather information about uncertain subjects, be they economic, military, natural, political or social. It helps determine intentions as well as capabilities or other factors otherwise unknown. From that intelligence-gathering, knowledge is achieved and uncertainty is diminished. And if it is true that knowledge is power, then power is enhanced by intelligence-gathering.

Intelligence collection and analysis comes in three forms: human intelligence, signals/technical intelligence and open-source intelligence. Human intelligence refers to human collectors, i.e. intelligence agents of the State and non-State actors (say, private security firms or investigators) who collect information from personal observation, interactions and exchanges with people in designated functional areas, regions or countries. State intelligence agents work in two ways. One is under the protection of a diplomatic passport. Known as “official cover” agents, this includes military attaches as well as other diplomatic personnel whose activities are recognised by host countries but which often extend beyond the official remit outlined in their credentials. If caught and accused of espionage, official cover agents are detained and deported as per diplomatic protocol (that is, they receive diplomatic immunity).

Non-official cover (NOC) agents are what are traditionally known as spies. They are the stuff of cloak and dagger stories but the reality is a bit more mundane in most instances. They work under the cover of assumed names, aliases and occupations, for example as businesspeople, academics or developmental aid workers, among many other “covers.” If caught, they are subject to the full penalties of the jurisdiction in which their offenses were committed and where they are charged (including being subject to the death penalty in many countries). They receive no diplomatic immunity. The outed US spy Valerie Plame (outed in 2003 by the W. Bush administration as revenge for her husband refusing to go along with their lies about Iraq having nuclear weapon precursor yellowcake stockpiles), who used a job as a petroleum executive as cover for her espionage activities in the Middle East, is an example of such a so-called “NOC.”

NOCs tend to work in a highly compartmentalised or “siloed” manner, dealing with one agency liaison up the collection chain and putting degrees of separation between the down-chain primary source contacts (informants who may be conscious or unconsciously helping the NOC and be paid or unpaid depending on who they are) in order to maintain tight operational security. The means of feeding intelligence up the chain are many, involving technical tools as well as personal interactions.

There is a sub-set of human intelligence agents that might be called “hunter-killers.” While all human intelligence agents will be trained in things like surreptitious entry, lock-breaking, concealed observation (static and in motion), eavesdropping and other such tradecraft, the hunter-killer sub-set includes assassination in their repertoire. The lethal means can include a range of tools, to include poison, blades, firearms, explosives or armed unmanned vehicles (for example, the CIA has its own UAV fleet, as does Mossad, among others). The individuals who engage in this type of activity are, at least when tasked to do such things, not true spies in the proper sense of the term since their focus is not on obtaining information but on acting on information previously obtained, although they may work in partnership with official or non-official cover agents because their priority focus is on tracking and eliminating targets. They are essentially assassins, although they may even engage in broader combat activities depending on circumstance. Intelligence agencies maintain paramilitary units for such purposes, and they can be embedded in or along with military forces. Given the threat environment in which a State operates and the nature of the adversaries being confronted, the number of hunter-killer agents, units or teams may be large or small. Israel has a large number of such people. The US has a fair number. New Zealand has none, as far as is known or admitted. In general and as can be expected given the nature of their rule, authoritarian regimes use hunter-killers more than democracies.

The ideal human intelligence agent must have a calm and even temperament, be able to display coolness under pressure, be resourceful, have a keen sense of curiosity and ingenuity when problem-solving, have the ability to think laterally and “out of the box,” and have a capacity to “silo” or compartmentalize their work so that their real work life as intelligence collectors is undetectable in their personal, public and private lives. They must be able to ward off being compromised, be it sexually, financially or socially. They must be able to keep a secret and rationalize their personal morals and ethics with their professional ethos and obligations. They must have a deep sense of and commitment to public service (service to the State on behalf of the Nation).

Selection to become a human intelligence agent varies from country to country. Along with the traits mentioned above, in authoritarian regimes party and personal loyalties to political elites are a significant factor in recruitment and selection. In democracies, they are not. Modern intelligence agencies in democracies maintain professional standards for recruitment and promotion that are neutral when it comes to partisan and personal politics. They use advanced psychological testing to determine a candidate’s fitness to serve. These include cognitive, physical and intellectual testing, often involving real-case scenarios in which a candidate is placed in a pressure situation in order to evaluate their decision-making capabilities. Once a candidate has been accepted into service and learned the tools of the trade (“spycraft”), they are matched with a suitable cover profile and trained in how to maintain that profile in the field (be it as a diplomat, military officer or undercover agent). There are variations to this scenario but the overall thrust is very similar in most developed States, and in fact in some instances (5 Eyes) intelligence agencies have exchange programs for officers from allied States in order to improve professional standards amongst them.

Question Two: It is said that Russia prefers human intelligence collection whereas the US and UK prefer technological means. Is this true and if so, why?

During the Cold War and the first 20 years of the post-Cold War environment, the US had a great advantage in signals and technical intelligence (SIGINT/TECHINT), moving far beyond the early 20th century techniques of eavesdropping on phones and/or in public and private places or using radar, sonar or advanced photographic techniques. It expanded the SIGINT/TECHINT collection domain to include space and submarine collection capabilities as well as sophisticated electronic and technical collection platforms using infrared, acoustic signature detection, computer intercepts and then cyber-hacking. As a result, it placed less emphasis on human intelligence collection, in part because it is a US cultural trait to believe in the superior benefits of advanced technologies in everything from kitchens, cars and television to warfare. As a result, as of the 1970s the US diverted intelligence resources and focus towards signals and technical intelligence collection to the detriment of human intelligence collection. Also remember that CIA activities in Chile, Indonesia, and many other places had placed a stain on the reputations of field agents and undercover officers involved in those activities, so the move away from human intelligence collection was an expedient way of getting out of the unwanted limelight.

As a result, human intelligence collection (HUMINT) was maintained but in diminished numbers. Given the changing priorities of the post-Cold War geopolitical environment, it left an unbalanced focus on post-Soviet dynamics without a shift to emerging threats such as ideologically motivated non-State actors like al-Qaeda. For that HUMINT work the US increasingly relied on Israel and other allied countries. The emphasis on SIGINT/TECHINT was reproduced and compounded by the 5 Eyes network, which created economies of scale in that form of intelligence gathering that began to dominate the overall information acquisition process in their respective communities even if human intelligence agents were tasked with following up on information obtained and gleaned by SIGINT/TECHINT means by any of the partners.

The problem with over-emphasising signals and technical intelligence collection is that it often cannot discern real intent by separating bluster and idle talk from a commitment to action. Operational security counter-measures can also thwart effective SIGINT/TECHINT collection. In addition, the trouble with relying on partners for human intelligence collection and analysis is that the intelligence comes “filtered” by the interests of the sharing State, not all of which are exactly coterminous or identical to those of the US (and vice versa for its partners). In recent years the US has revived its human intelligence programs, but they are playing catch up when it comes to recruiting people with the appropriate language, social, cultural and personal skills to operate under deep cover (or even official cover) in foreign environments. People with backgrounds in anthropology and sociology are high value recruits, but the number of them is small when compared to the number of subjects/targets that need covering.

As an example, when 9/11 happened US military intelligence is reported to have had only 3 Arabic-speaking linguists in its ranks. NZ human intelligence (the SIS) had none, and even with the recruitment of Muslim, Chinese and Polynesian New Zealanders in recent years, it lags far behind when it comes to people with the requisite skills to undertake both official cover and NOC work given the threat environment in which NZ now operates.

As for the Russians, the situation was different. Because the Soviet Union/Russia and the PRC were considerably behind the US when it came to signals and technical intelligence well into the 1990s, they both emphasized and put resources into human intelligence collection. For decades even that form of intelligence collection was limited to internal intelligence and counter-intelligence (for example, against counter-revolutionaries, some of whom had foreign backing) and in their near abroad or against strategic adversaries (the US and its major allies). Over time the human intelligence capabilities of the USSR and later Russia expanded to have a global reach, something that China has emulated today. Other countries such as Israel have developed similar capabilities, using Jews in the diaspora as collection agents (known as “sayanim”). 

However, in the 21st century both Russia and China have put much effort and resources into developing state of the art signals and technical intelligence collection capabilities. Although they do not have the economies of scale available to the 5 Eyes Anglophone signals intelligence network, they have developed sophisticated capabilities of their own. The advent of social media has facilitated and accelerated this effort, something seen in the disinformation and misinformation campaigns undertaken by the Russian signals intelligence agency, the GRU, against Western democracies via the work of dedicated units such as the Fancy Bear cyber-hacking group that interfered with and continues to interfere in US and other democratic elections while promoting socio-political discord and right-wing conspiracy theories (including in NZ).

Hence, while it is true that Russia has traditionally favored human intelligence collection methods, to include hunter-killer activities, that is no longer the absolute case. Both it and the PRC have very expansive and sophisticated signals and technical intelligence capabilities, including in space, in the atmosphere, on land and under the sea.

Examples of technical and signals intelligence collection include photographic and thermal imagery from space, submarine interceptions (“tapping”) of undersea communications cables (such as by the PRISM system used by 5 Eyes), airborne photography, jamming and early-warning detection, metadata targeted and bulk collection of internet communications, and acoustic “reading” of vibrations from interior conversations on exterior surfaces such as windows. Plus all of the old fashioned techniques such as telephone wiretapping, coding and decoding, encryption and decryption, etc. Artificial Intelligence has been used for some years now even if the commercial applications have only become operational in recent times, and is set to become a dominant means of extracting actionable intelligence from vast quantities of data as well as more rapidly recognising, analysing and filtering threat assessments and other intelligence priorities.

Questions 3 and 4: How does UK intelligence operate and why does it treat intelligence gathering differently from espionage?

Before delving into the specifics of the question, allow me to note that oversight and regulation of intelligence operations and agencies differ greatly between democracies and authoritarian regimes. Authoritarian regimes use intelligence agencies for domestic espionage, paralleling or supplementing the work of police intelligence units that are focused on crime-fighting. In such cases the focus of intelligence agencies is on domestic political dissent, subversion, foreign agents (counter-espionage), and a number of other targets such as environmental activists and other non-conformists who the regime deems to be enemies of the State. Intelligence units are bound by their own internal rules and procedures, which usually are much looser than those in democracies. They also have para-military units of the “hunter-killer” type that are tasked with hunting down and eliminating opponents at home and abroad. The Skripal case is an example, as was the Operacion Condor network operated by the Southern Cone dictatorships in the 1970s. Authoritarian intelligence agencies and agents are not bound by the rule of law but by the boundaries set by the political (often military) leadership of the regime.

In contrast, intelligence agencies in democratic regimes operate according to the rule of law and constitutional principles. They are more restricted in their freedom or latitude of action. They tend to limit their domestic activities to counter-espionage and transnational crime with State or ideological connections, such as when monitoring and countering Hezbollah activities in the Tri-Corner region of Argentina, Brazil and Paraguay (where drugs, weapons and extremists congregate for mutually beneficial purposes). In general, however, domestic intelligence collection is a responsibility of the police or gendarmes, not intelligence agencies, who only work with the domestic intelligence units of the police and gendarmes when specifically tasked to do so and within defined legal authority.

Because of that, intelligence agencies in democracies have a primary focus on foreign and transnational intelligence gathering and threat identification and analysis as well as counter-espionage. They are bound by numerous legislative and legal restraints on their activities and a system of checks via courts and other oversight mechanisms. Unless the circumstances are exceptional (say, a bomb about to go off in a crowded train station), they must adhere to civil liberties and other democratic rights accorded to the population. And even then they often need the authorization of a special court or judge in order to legally infringe on individual and collective rights and constitutional norms.

To be clear, these norms have been violated in many instances by spy agencies in liberal democracies, including in the US, UK and NZ, but if discovered they are liable under the law and can be held accountable by oversight agencies as well as legislatures (if the Executive will not act against them in such instances). Intelligence agencies do not operate according to the whims of the political leadership, but in accordance with and under penalty of law.

In terms of how the UK approaches intelligence matters, it conforms with the democratic model outlined above. It uses legal frameworks to determine the distinction between intelligence gathering by the British State, its allies and partners and even private parties like corporations, versus espionage by foreign States or British nationals working for foreign states or front entities (such as by and for Chinese firms and “friendship societies” connected to PRC military intelligence via “United Front” entities). Having a legal framework delimiting what is and is not permissible when it comes to intelligence collection and the means used to that end gives the British State (and other States in their own ways) legal cover and authority to disrupt and prosecute (often clandestine) intelligence-gathering activities deemed unlawful and illegal.

Put simply, in the UK and other democracies intelligence collection done under official cover is considered permissible up to a point. Intelligence collection done under non-official cover is considered espionage and punishable by law. If an official cover intelligence officer from a foreign embassy goes beyond his recognized intelligence gathering duties (say, by trying to poison a dissident in England), that person will be charged and a warrant issued for their arrest even if they are deported under rules of diplomatic immunity. If a Russian NOC attempts to poison someone and is caught, s/he is out of luck.

Espionage is what the bad guys do; intelligence collection is what the good guys do, and the legal distinction is there to preserve that fiction.

Question Five: Where are the Skripals?

The Skripals are likely in a 5 Eyes country. They need to be in a place where they can go relatively unnoticed, where security can be provided for them and where there are not many other Russians around unless those Russians are sympathetic to the Skripals and have been security vetted. They will be provided with fake identities and documentation and take language lessons to disguise their thick English/Russian accents. They will be coached on how to act under their assumed identities, for example, as a retired Bulgarian businessman and his middle-aged daughter who cares for him as per traditional custom. They could be located in a city without many Russians where they can disappear in the crowds or, contrastingly, in a rural area far from prying eyes. That depends on their personal characteristics. If they are urbanites then they would stick out in a rural setting and probably have difficulties coping, much less assimilating. Many factors will determine where exactly they are re-located and hidden from Russian intelligence.

Of course, they may be relocated to a non-5 Eyes country such as Argentina or South Africa. But Skripal’s spying was done for the UK and 5 Eyes, not other States, so other States would be reluctant to incur Russia’s wrath in the event they are discovered. Plus, other States may be more susceptible to corruption, leaking and not be able to provide adequate levels of discreet but effective security for them. So it seems to me that a 5 Eyes country is the most likely place where they have been relocated.

That could be Australia, which has few Russians, lots of anti-Russian sentiment and both large cities and remote rural areas. Likewise, Canada. Even Wales or Scotland might serve the purpose. New Zealand is too small, in my opinion, and the US, although immense, has large Russian expat communities that are not all opponents of the Putin regime and is over-run with Russian spies in any event. So my guess is that they will be in a medium sized town or city in a rural area of a large or relatively unpopulated country or area of a country with few Russians present. But there are people who are experts in this so I can only speculate as to their exact location.

One final observation. The Skripals were poisoned, like other Russian double agents. Russia reserves poisoning for traitors of some importance, not just anyone. People of lesser status fall out of windows, get run over or die in a variety of crashes and explosions, depending on opportunity (remember the Wagner Group boss Prigozhin’s plane crash last year). Lesser rivals such as journalists and whistleblowers get shot. It will therefore be interesting to find out what killed the dissident and opposition politician Alexei Navalny, who supposedly died of “natural causes” in a Siberian prison camp at age 47. My hunch is that he may have received the ultimate (ironic) honour in the way in which his demise came about.

Or to draw the analogy this way: my Italian grandmother was once discussing with my parents the death of a cousin of hers who had mob ties in New York City. My parents asked her about how he died and she said “from a heart attack.” When challenged because the press had covered the story of a low level mobster getting “hit” in some criminal feud, she replied “yes, he died of a heart attack when a piece of hot lead went through it.”

In Russia the heart attack is induced by poison, but only for the special few.

Article Link. “South America’s Strategic Paradox” in MINGA.

The Latin American multidisciplinary journal MINGA just published my article on “South America’s Strategic Paradox.” I was surprised that they wanted to do so because they have a very clear left-leaning orientation and my article was pretty much a straight-forward geopolitical analysis. This was the article that an editor of the New Zealand International Review felt was too broad in scope to publish. Go figure. Judge for yourself (the article is in English, with translation pending).

A toe in the fire.

The decision to send six NZDF personnel to join the US-led anti-Houthi maritime picket line has a number of interesting facets to it. I made a few posts about the decision on a social media platform but will elaborate a bit more here.

It was obvious that a conservative pro-American government coalition would not only sign a US-drafted declaration defending freedom of navigation and denouncing Houthi attacks on commercial shipping in the Red Sea, but would offer some symbolic material support (even if token) to the maritime picket line that the US and its main allies (all 5 Eyes partners) were putting together under the already extant joint task force CTF-153 headquartered at the US 5th Fleet HQ in Bahrain. The task force is led by a US admiral and operates under US Rules of Engagement (ROE). Prime Minister Luxon is an admitted “Americaphile” due to his time spent in the US as a corporate executive. Deputy PM and Foreign Minister Winston Peters was involved in negotiating the Wellington and Washington Agreements establishing US-NZ bilateral security ties and has long voiced his support for US leadership in global affairs. The third coalition party leader, David Seymour, takes his policy prescriptions (and money) from US rightwing think-tanks and conservative lobbies.

Defense Minister Judith Collins (among many other portfolios, including intelligence and security) was the odd person out at the press conference announcing the deployment (Seymour did not attend) because she has previously attempted to use her status as an MP and minister to advance her husband’s business interests in China, and remains as one of the more Sinophilic (yes, said on purpose) members of the new government. Moreover, as Minister of Intelligence and Security and Attorney General, she is now the Keeper of the Secrets of Defense, Intelligence and the Courts, which is only of concern if you worry about a corrupt politician who also is now back scheming with the bankrupt (in every sense of the word) rightwing attack blogger whose miserable antics were outlined in that chronicle of political depravity, Dirty Politics. In any event, with the Collins anomaly excepted, it should be no surprise that the government made a move in support of its security patrons.

The government argues that its contribution is done to protect freedom of navigation, making specious arguments about the impact of the Houthi attacks leading to a rise in commodity prices on NZ consumers (NZ being a trade-dependent country etc.). It rejects the notion that its actions are in any way connected to the Hamas-Israel War even though the Houthis are invoking Article 2 of the 1949 Convention on the Prevention of Genocide to justify their attempts to stop war materials from reaching Israel. It chides those who differ with their justification by saying that it is wrong to “conflate” the Hamas-Israel War with the Houthi attacks even though the Houthis have explicitly done so.

As many scholars have noted, NZ joining the coalition of the pro-Israeli military bloc runs counter to NZ support for UN demands for a ceasefire and its supposed neutrality on the larger context behind the current conflict. Whatever the pretense, the hard truth is that with the NZDF deployment NZ has openly joined the Western coalition backing Israel in its war on Palestinians, eschewing bold support for enduring humanitarian principle in favor of short-term diplomatic realpolitik. Moreover, NZ has now been suckered into, via the US request for a contribution to the anti-Houthi effort, an expanding regional conflict that involves Iran and its proxies, on one side, and Israel and its (mostly Western) supporters on the other. With Russia and PRC (among others) supporting Iran and its proxies, the conflict has the potential to become drawn out as well as involve a larger number of actors.

Mission creep for the NZDF is therefore a distinct possibility, and the claim of NZ foreign policy independence rings hypocritically hollow since it is now clear that when the US asks NZ to take a pro-US/Israel stand on a controversial international issue, NZ bows and obeys.

So what does NZ’s flag-planting entail?

Not much at first glance. Its two frigates are in maintenance or on sea trials. It would do no good to send non-combat ships even if they were available (they would just become targets), and its in- and offshore patrol vessels are not suited to the task even if they could find crews to man them and get them to the theatre of operations. The Air Force could have sent one of its new P-8 maritime patrol aircraft, which would be suited to some picket line duties such as electronic surveillance, but chose to not do so. What was left was finding a way to send ground-based assets to the theatre, and that is what the government and NZDF brass opted to do.

They have ordered the deployment of a six person “highly specialised” team to serve as “targeters” for allied forces using “precision weapons” against Houthi targets. From that description the soldiers could be a military communications/signals intelligence team or could come from the NZSAS, who specialise in long range patrol and reconnaissance and who routinely serve close to or behind enemy lines as forward target spotters (including Mosul during the fight against ISIS, if reports are correct). The NZSAS is believed to already have assets in the Middle East, perhaps stationed in Djibouti or Bahrain, likely in partnership with or as a secondment to the intelligence fusion “cells” or joint SPECOPS units that are located at US bases in those countries. Defense Minister Collins said that they would operate from “HQ and other places,” which suggests that be they military communications/signals intelligence specialists or NZSAS, they may be stationed on allied ships as well as land facilities. Because of their focus on mobility and stealth, if the team is indeed an NZSAS team, then it is doubtful that they will be spending much time behind desks or shining their medals at HQ.

Even so, a six person “targeting” team is a very thin deployment even for military intelligence or the NZSAS, which tend to deploy in platoon sized units. Unless the announced six-person team has larger backup in theatre behind it, there are no redundancies in the deployment, say, if a trooper breaks an ankle while playing paddleboard at the HQ. As things stand, the NZDF as a whole has severe retention problems that include the NZSAS, especially among non-commissioned officers, aka corporals and sergeants (NCOs) that are the backbone of the regiment. Similar problems afflict other specialist units. In other words, the thinness of the deployment may be symptomatic of much larger problems within the NZDF.

The government says that there will be no NZDF boots on the ground in Yemen. Not only do I take the government and NZDF word on this with a big grain of salt, but I will note that Yemen is contested space, the Houthis do not control all of it, and Saudi Arabia shares a border with it. Since the Saudis have conducted a murderous military campaign against the Houthis in the ongoing civil war between the Saudi-backed Republic of Yemen government and Houthi movement “rebels,” it is not far-fetched to think that it or the Republic of Yemen might welcome some anti-Houthi Western specialist forces on their soil.

(As an aside, PM Luxon has a certain form when it comes to the Red Sea conflict. He was the CEO of Air New Zealand during the Key government when an Air New Zealand subsidiary engineering firm sold maritime turbines to the Saudi Navy. Around that same time MFAT approved sale of military support equipment like range finders and fire control systems to the UAE knowing that they could be used against the Houthis (since the UAE is part of the Saudi led coalition against the Houthis), in contravention of voluntary international sanctions imposed because the Saudi coalition was committing war crimes against the Houthi population in the (still ongoing) civil war in Yemen. MFAT signed off on both deals, reflecting the Key government’s approach to such things. When confronted after the turbine sale was completed, Luxon said that he was not involved and had no responsibility for the decision, saying that it was made below his pay grade. That is a bit rich for a guy who pontificates about how he used to run an airline, but more importantly is symptomatic of how National selectively approaches relations with powerful authoritarian human rights-abusing regimes).

The government also insists that the team will not be involved in combat roles. This is an obfuscation as well as a distinction without a difference. The reason is that “targeters” are part of what is known as the “kill chain.” The “kill chain” starts with intelligence-gathering, moves through target identification and selection, then weapons and delivery platform designation, and ends with a trigger pull or launch command. The NZDF just joined the anti-Houthi kill chain. How is that so?

The NZDF “targeting” team will analyse intelligence feeds from technical (TECHINT), signals (SIGINT) and human (HUMINT) sources, including satellite and drone imagery in real time. They will evaluate the legitimacy of the intelligence by confirming the targets using a variety of means, of which getting proximate eyes on potential targets using their core skills is one possibility. In some cases targeting teams get close enough to electronically “paint” designated targets prior to air strikes (think along the lines of extremely sophisticated laser pointers). Once the target identity is confirmed and deemed actionable under the ROE, the team will pass its confirmation of the target to commanders who operate weapons platforms and who designate what sort of weapons should be used given the nature of the target (say, a sea-launched cruise missile from a destroyer or submarine or an air-launched Hellfire missile from land or carrier-based aircraft).

So what are its targeting constraints? That is unknown and the government and NZDF have not said anything about them. What is known is that the NZDF team will be operating under US command within the structure of CTF-153 operating under the name Operation Prosperity Guardian, which means they will not have autonomous say in what ultimately is designated as an “actionable” target. But the problems with the deployment go beyond the flexibility of US ROEs. It has to do with the kill chain itself.

That is why speaking of “precision” munitions is an easy way to whitewash their effects. They are precise only if the intelligence and targeting guiding them is accurate in real-time and the ROE is strictly defined. A precision guided weapon aimed at the wrong target or without regard for collateral damage is just another dumb bomb with guidance sensors and a camera. Plus, warhead throw weights matter. It is hard to be surgical with a 500 lb. or 1000 lb. warhead if the intelligence and target designations are not precise (they can be but not always are given the command pressures to deliver results in terms of enemies and equipment destroyed), which is why the intelligence/targeting part of the kill chain must be systems redundant before a trigger is pulled.

Again, none of this has been made public. No parliamentary consultation was undertaken before the decision to deploy the team was made. The irony is that the deployment, especially if my assumption is correct in that it involves the NZSAS, could have been done discreetly and without fanfare. NZSAS deployments are done in secret all of the time and the public and politicians are none the wiser. Yet here the government chose to go public and grandstand with its announcement, which even if designed to offer public affirmation that NZ is part of the “club” John Key once talked about with regard to the NZDF presence in Iraq, also exposes the targeting team to increased physical risk and NZ to increased reputational harm given that most of the international community do not share the view that the Houthis’ actions are unrelated to the Hamas-Israel war or that Israel is the good actor in it. But Israel is a close intelligence partner of the 5 Eyes network, so perhaps NZ’s choice of expediency over principle has something to do with that (rather than freedom of navigation per se).

Whatever the rationale behind the government’s decision, it seems that it is sticking a toe into a fire that may grow hotter rather than cooler. Then the question becomes one of whether the government has contingency plans ready to prevent NZ from being drawn further in and burned in the service of, to quote another Nicky Hager book title, Other People’s Wars.