Category Archives: NZ Security

Crying wolf on terrorism for political gain.

Posted on by
2

The merit of a proposition can be judged by the strength of the argument in support or defense of it. In the case of the proposed changes to the GCSB and TICS Acts, the government’s argument has basically reduced to claims that terrorists will strike if the bills do not pass, perhaps even using weapons of mass destruction. More than an argument in favor of the bills, it is a sign of desperation on the part of a government unwilling to level with the public on its real intent.

To begin with, counter-terrorism is a very small part of what intelligence agencies do. Ninety percent of intelligence collection and analysis, to include its sub-set of electronic espionage and counterespionage, is focused on traditional corporate, diplomatic and military intelligence gathering. That is true for the Five Eyes/Echelon signals intelligence network and even more so for countries that are not on the front lines of the so-called War on Terrorism.

Yet countering “terrorism” has become the buzz word used by politicians to justify the expansion of the security apparatus in all its forms, to include the militarization of police functions and extension of powers of search and surveillance. It is the fig leaf that covers a multitude of sins perpetrated by the state in the name of national security.

This is an important point because as nasty as it is, terrorism is not an existential threat to any established state, much less a consolidated democracy. Viewed objectively, it can be properly seen is a crime of violence most often carried out as an irregular warfare tactic for ideological reasons. In the hands of non-state actors it is a weapon of the militarily weak that cannot be used regularly and systematically against a broad array of targets in the face of state enforced counter-measures. Although impossible to eliminate in its entirety, especially in its small cell or lone wolf application, this type of terrorism (i.e. in John Key’s airport bomb hypothetical) is a type of criminal violence best handled by the police using the intelligence made available by human as well as signals and technical intelligence agencies.

That may or may not involve electronic eavesdropping of a targeted sort. What is not needed to counter terrorism is blanket adoption of draconian security laws that restrict individual and collective freedoms, including the right to privacy. Oppressing the majority out of fear of an extremist few is counter-productive for no other reason than doing so plays into the hands of the aggressor.

In any event New Zealand is not on the front line of the War on Terrorism. Its threat environment is different than that of Australia, the UK and the US. It is more akin to (yet less than) that of Canada, and it is telling that Canada has resisted moves to closely align its domestic intelligence gathering powers with that of its Northern Hemisphere partners. The Canadians well understand the hierarchy of threats confronting them, and in light of that have shied away from the type of legislation currently being proposed in New Zealand.

If anything, the Canadian government knows that closer public alignment with the US and UK on security issues invites greater risk of attack from those engaged in armed conflict with them. It also understands that what irregular threats exist for Canada, they are more likely to be internal and related to domestic policy issues than external in origin or manifestation. New Zealand is similar in both regards.

What this means is that the specter of terrorism raised by John Key is a dark chimera that has little connection to New Zealand’s real threats, but which is used to defend the passing of security legislation that is more appropriate for the threat environment in Pakistan or Yemen than that of the South Pacific.

In recent years cyber espionage has become the predominant form of signals intelligence threat, to include that in New Zealand. The focus of attention of Five Eyes and other signals intelligence agencies is increasingly on fiber optic cables, routers, switches and the computers that use them, as opposed to radio and satellite intercepts (even if the latter remains a priority for Echelon). In pursuit of effective counter-measures, the Echelon partners have developed sophisticated labor-savings software such as PRISM and XKeyscore that filter the first cut on zillions of bytes of electronic data (the so-called meta-data), thereby making it easier for human analysts to target specific communications based upon keywords, phrases and usage patterns.

This mass trawling through personal as well as institutional electronic communications is indeed efficient, and not problematic for countries under non-democratic rule, but poses a problem for liberal democracies where the right to privacy and presumption of innocence go hand-in-hand as the bedrocks of citizenship.

Cyber espionage in New Zealand is mostly but not exclusively perpetrated by foreign state and non-state actors seeking to access sensitive corporate, political and security information. This includes back-door access via personal computers and electronic devices into work computers of targeted sectors. Since New Zealand has the most porous internet security of the Five Eyes partners and because its economic and political decison-making elite is relatively small in comparison, it is considered to be the weak link in the network by adversaries and allies alike.

Be it by groups such as Anonymous or by state agencies such as Chinese military intelligence (and there are many others), it is estimated that New Zealand computer networks are probed dozens of times a year (at least as far as what has been publicly admitted by the government). Thus the interest in increasing the GCSB’s cyber-securty function in order to bolster the defensive aspect of local cyber intelligence (targeted hacking of foreign networks being the offensive side).

The hard fact is that cyber espionage and counter-espionage is the newest and increasingly most pervasive form of spying and is here to stay, so New Zealand has to lift its game in that field of play.

This is the real reason why the Bills have been introduced. The trouble is that they contain a very strong offensive aspect to them, in part owing to the blurred nature of cyber espionage that does not conform easily to the foreign versus domestic dichotomy traditionally used to partition internal from foreign intelligence gathering. Threats now are seen as “glocal” or “intermestic,” and thus offensive cyber intelligence operations are run side-by-side with domestic counter-intelligence (defensive) work. That includes meta data mining on home soil, and the sharing of that data with Echelon partners.

Rather than honestly reveal the true reasons why the amendments to the GCSB and TICS Acts are being proposed, the National government has resorted to the old canard about terrorism. It may be doing so because it is undiplomatic to point out that its second largest trade partner has been accused by New Zealand’s strongest security and intelligence partners of being the source of most cyber attacks on their respective and shared computer networks. It may be doing so because it assumes that most people simply do not care about issues of security and intelligence, and it might be right. But whatever its rationale, its proposals are way over the top given the realities of New Zealand’s position in world affairs and its history as a democratic polity.

There is much more that is wrong with the New Zealand intelligence community–the lack of effective and independent oversight, the political manipulation of intelligence flows, the overly broad definition of national security and threats to it being foremost amongst them. It is therefore not surprising that in the very framing of the debate about the GCSB and TICS Bills, the government has resorted to bluster and fear-mongering rather than outline the real thrust of its changes.

That is a pity. Had it done so it might have been able to reach a compromise on cyber security more appropriate for a small liberal democracy on the periphery of the major conflicts of our times. However, as things stand New Zealand is about to be saddled with a cyber-security apparatus apparatus more similar to that of Singapore than those of Belgium, Norway or Uruguay.

That pretty much says it all about how National views the world.

 

Three perspectives on the spy bills.

Posted on by
Reply

Selwyn Manning has done a Q&A with three individuals who have different and at times conflicting views of the GCSB and TICS Bills, although all three are critically opposed to the bills in their present form. One is a strategic analyst, one is an internet entrepeneur and one is an IT lawyer. John Key may dismiss them as uninformed, politically motivated or holding some hidden agenda, but their differing takes on the issue may make for some food for thought for KP readers.

The Q&A can be found here.

Long and short of the NZDF spying scandal.

Posted on by
3

Accusations that the NZDF may have been spying on journalist Jon Stephenson during or after he was in Afghanistan researching what turned into a series of very critical stories about the actuality of SAS operations in support of the elite Afghan counter-terrorism Crisis Response Unit (CRU) have sparked both public outrage and government backlash. Numerous media entities and civil libertarians have protested the alleged spying as an infringement on press freedom, with the story now picked up by the US press because Mr. Stephenson was working for a US based news service when the spying supposedly occurred, and the spying may have been carried out by US agencies.

It is early days yet in the development of the story, but there are numerous angles that if explored could lead to a can of worms being opened on the NZDF and NZ government as well as the US administration. More immediately, if what has been made public so far is accurate then there are some NZ-focused issues to ponder, which can be broadly divided into matters of short and long-term consequence.

The specific accusation is that NZDF obtained meta-data about Mr. Stephenson’s phone records from US intelligence sources while he was in Kabul. This meta-data included the phone numbers of those he contacted or who called him while in theater, which could be “mined” and subject to network analysis in order to create signal maps and flow charts of the patterns of communication between them as well as with Mr. Stephenson (what have been called signals meta-data “trees”).

Implicit in the original story by Nicky Hager is the possibility that the content of Mr. Stephenson’s conversations and possibly his emails were accessed by the NZDF, or at least by foreign partners who then shared that information with the NZDF.

This is the short aspect of the story. Mr. Hager believes that Mr. Stephenson was subject to an NSA signals trolling scheme akin to that done by the PRISM program, and that the NZDF may have requested that Mr. Stephenson be surveilled by the NSA as a result of Stephenson’s investigation but also because the NZDF could not spy on him directly. However, since the SIS and GCSB had officers on the ground in Kabul and shared workspace with NSA and CIA personnel, the possibility was raised that they were somehow involved in the electronic monitoring of Mr. Stephenson, either has initiators or recipients of the NSA meta-data mining of his communications.

This may or may not prove true. The government and NZDF flatly deny that any spying, whether by the NSA, GCSB or NZDF, was done on Mr. Stephenson. Mr. Hager claims to have evidence that NZDF personnel obtained Mr. Stephenson’s telephone meta-data (presumably he has at least been shown that data by the NZDF personnel who are his sources).

One of these versions is apparently false, although there may be a twist to the story that bridges the veracity gap between them.

Since Mr. Stephenson was in a declared conflict zone in which a multinational military coalition was engaged, he was inevitably subject to military intelligence collection. Military organizations and their various service branches maintain human and signals intelligence collection units that focus on tactical aspects of the conflict zone. That would, at a minimum, include canvassing local telephone and email networks for information on potential threats and contextual background. Such collection is designed to facilitate “actionable” intelligence: information that can be used to influence the political environment as well as the kinetic operations that occur within it.

It is possible that Mr. Stephenson’s phone records were collected by an ISAF military signals intelligence unit. It probably was that of a US military unit. That unit may have identified Mr. Stephenson as a New Zealander and passed his information on to one of the intelligence shops located at Bagram Air Force base or elsewhere for sharing with the NZDF as a professional courtesy and a “head’s up” on who Mr. Stephenson was involved with.

If this is true, then Mr. Hager’s NSA/PRISM/GCSB/NZDF spying scenario is wrong. However, the issue does not end there. The big questions are whether the NZDF requested that an allied military signals intelligence unit spy on Mr. Stephenson, or if not, what it did with the information about Mr. Stephenson volunteered to it by its ally.

If the latter is the case, then it is possible that the NZDF took no action because it either considered the information marginal to its intelligence concerns or improper for it to receive and use. That in turn could have led to the destruction of that meta-data after it was received.

On the other hand, if the NZDF requested said information about Mr. Stephenson from a military intelligence partner, that would make any subsequent meta-data record destruction an attempt to eliminate evidence of that request or the use to which the data-mining was put.

It should be noted that such spying in conflict zones is usual and to be expected by anyone operating with them, journalists and non-journalists alike. Moreover, it is perfectly legal as well as reasonable for the NZDF to share information with its military intelligence partners, even if it includes information about unaffiliated NZ citizens operating in conflict zones in which the NZDF is deployed. Thus it would not have been unlawful for the NZDF to obtain Mr. Stephenson’s electronic meta-data whether it initiated its collection or merely received the results.

This extends to its use of the SIS or GCSB to assist in said collection, since the SIS is empowered to spy on NZ citizens and the GCSB was working in a foreign theater in which Mr. Stephenson was working for a “foreign entity” (McClatchy New Service), therefore making him a legitimate target under the 2003 GCSB Act. Whether one or both of these agencies was involved in the spying on Mr. Stephenson, should it have occurred, the eavesdropping could legally be conducted without warrant, again owing to situational circumstance.

However, just because something is legal does not make it right. This is where the long of the story comes into play.

Mr. Hager also revealed the existence of an NZDF operations manual, apparently drafted in 2003 and revised in 2005, that included at least “certain investigative journalists” along with hackers, foreign spy agencies, ideological extremists, disloyal employees, interest groups, and criminal organizations in the category of “subversive” threats (although it remains unclear as to when that particular passage was added to the text and who authored and authorized it). The definition of subversion was stretched to include those whose activities could undermine public morale or confidence in the government and NZDF. This included “political” activities deemed inimical to the NZDF image or reputation.

Whether it was included in the original version or added some time later (perhaps very recently), that definition of subversive threats is astounding. The language used borrows directly from the lexicon of the Pinochet dictatorship and Argentine Junta. It completely ignores the concept of press freedom in a democracy, which is premised on the autonomous separation of the media and the military as institutions. It lumps in so-defined subversive threats with physical threats to operational security in the field. That makes those identified as subversives enemies rather than adversaries, which allows them to be treated accordingly.

The wording of the passage about subversive threats in this manual says more about those who drafted it and the NZDF leadership that allowed it to become doctrine than it does about any real threat posed by journalists to the NZDF or government. Being embarrassed by critical reporting is not akin to being shot at. Even if written in the fevered years immediately after 9/11, the authors of that passage (and presumably others in the manual) display an authoritarian, anti-democratic mindset that is fundamentally inimical to democratic civil-military relations and, for that matter, democratic military professionalism.

Chris Trotter has noted that the NZDF, as a military organization, is authoritarian in nature and thus inherently un-, if not anti-democratic. I respect his view but disagree to an extent. Virtually all social organizations are hierarchical in nature–families, churches, private firms, unions, schools, bureaucracies, political parties and yes, the armed forces, police and intelligence agencies. That makes the egalitarian bases of democratic political society unlike virtually all other forms of social organization.

In other words, we are socialized in a hierarchical world and it is democracy as a political form that is the unnatural outlier.

Even so, although hierarchy can and often does tend towards authoritarianism, in democracies social organizations that are hierarchically constructed bow to the egalitarian meta-logic that posits that in their political interactions they are bound by notions of mutual respect, independence, corporate autonomy and non-interference. That is, they practice at a meta-level what they do not at the macro or micro-levels: in their interactions with each other groups forgo the hierarchical disposition that characterizes their internal governance.

This is important because the NZDF field manual that Mr. Hager exposed and whose existence is now confirmed by the government displays an authoritarian mindset and operational perspective that transcends the necessary hierarchy of NZDF organization. The NZDF is not inherently authoritarian because it is hierarchical in nature, but because, if the spying allegations are correct in light of the manual’s language about threats requiring military countering, its leadership displays an authoritarian disposition when it comes to things it finds objectionable, including pesky reporters (I shall leave aside Mr. Trotter’s remarks about military allegiance to the Queen rather than government or citizenry, although I take his point as to where its loyalty is directed and the impact that has on its transparency and adherence to democratic norms).

In sum: Consider what the manual says with regards to subversive threats in light of the well-publicized NZDF attacks on Mr. Stephenson’s professional and personal integrity that resulted in the defamation trial recently concluded (attacks that could well fit within the “counter-intelligence operations” recommended in the manual). Add in the claims by Mr. Stephenson that a senior military officer uttered death threats against him (the subject of a police complaint in 2011 that was not actioned). Factor in the NZDF admission in the defamation trial that it tracked Mr. Stephenson’s movements along with the possibility that the NZDF did acquire and utilize Mr. Stephenson’s telephone communications records in a capacity other than to detect tactical threats to units in theater. Further include Mr. Hager’s findings in his book Other Peoples Wars, in which the NZDF was seen to disregard government instructions regarding its conduct in foreign theaters and collaborated extensively with US intelligence (both military and civilian) in places like Bamiyan in spite of its repeated denials that it was doing anything other than building schools and roads in that province.

The conclusion? In light of this sequence of events it is very possible that the NZDF  has systematically operated in an unprofessional and anti-democratic fashion for at least a decade, and particularly with regard to Mr. Stephenson.

This is a serious matter because it gives the impression that the NZDF has gone rogue (assuming that the governments of the day were, in fact, unaware of the language in the field manual or of the alleged spying). Rectifying this institutional anomaly is important. How to do so is critical.

It is not enough to blame the previous government and retired NZDF commanders for the manual, then excise the offending passage while maintaining that no NZDF records of spying on Mr. Stephenson exist. Instead, the NZDF leadership during this time period needs to be held accountable for allowing anti-democratic attitudes and practices to take root within it and, if need be, action needs to be taken against those who authorized the language of the manual and/or the spying if it happened. Only that way can confidence in NZDF accountability and commitment to democratic principles be restored.

In order for any of this to happen, yet another inquiry needs to be launched. Given the debates about the GCSB and TICS Bills and ongoing concerns about Police and SIS behaviour, that says something about the state of New Zealand’s security community at the moment.

 

 

The political logic behind National’s proposed GCSB reforms.

Posted on by
11

This weekend there will be national protests against the National government bills amending the 2003 GCSB and 2004 TICS Acts. Although the protests have garnered broad support across the political spectrum, they are likely to turn into generic rant fests against capitalism, imperialism, colonialism, and assorted other maladies rooted in the war-mongering Zionist 9/11 insider white corporate propertied Trilateralist patriarchy rather than a focused argument against the extension of the GCSB’s domestic spying powers. That is because the organizers, in Auckland at least, are the usual suspects seen at pretty much every protest, and who have agendas that supersede concerns about espionage.

The dress code will largely be black, with Vendetta masks optional.

In a way it is natural for the so-called rent a mob to take charge of the anti-GCSB protests. After all, they have the organizational capability, collective commitment and personal experience in doing such things, so who can blame them if they attach a few other grievances to the major subject of the protest? Who else can pull together major rallies on short notice, including the logistics of using public spaces, channeling marchers, making banners, supplying audio equipment and providing speakers? Most of those who have comparable skills are not exactly the types who would want to be part of such a “progressive” demonstration, and certainly would not want to be associated with the organizers of these protests (I am thinking of church and conservative groups here).

Having said that, this post is about what is likely to be a very effective National strategy for getting its proposed reforms passed in spite of the groundswell of opposition to them. It works like this:

National introduced reforms that grossly expand the GCSB’s powers of domestic espionage, using changes to the TCIS Act and the need for “infrastructure protection” as part of that new charter. It threw in some very minor cosmetic changes using the Kitteridge Report as a point of reference. It went for the overreach, proposing to allow, with cabinet approval, the GCSB to spy on behalf of agencies that have nothing to do with national security as well as conduct warrantless espionage on foreign entities and persons, to include NZ citizens employed by foreign firms and agencies (be they diplomatic missions, NGOs or private firms). It demands that telcos provide apriori backdoor access to their cable infrastructure for the purposes of both targeted and meta-data mining.

There is much more but this is the gist: it no only retroactively legalizes the illegal spying done on Kim Dotcom. It extends the scope of that type of spying much further. And as before, all of the domestic data collected under the new Acts can and likely will be shared with foreign intelligence partners, particularly those grouped in the 5 Eyes network.

National knew that Labour and the Greens will oppose the Bills for political and principled reasons, respectively, but does not care because it knew that it only had to win over Winston Peters or Peter Dunne to secure passage of the legislation. Since both of these one man shows are political opportunists at best, a few bones thrown their way in exchange for minor concessions was seen to do the trick.

As it turns out, Dunne leapt/caved first. In exchange for more cosmetic changes in oversight and reporting (none of which fundamentally alter the way in which the NZ intelligence community operates or the scope of its operations), the setting of a 2015 date for a general review of the NZ intelligence community and one significant backdown (the removal of cabinet authorization for GCSB assistance to agencies other than the Police, SIS and NZDF, which will now have to be authorized via legislation), Dunne has pledged his vote for the Bills. They can now pass essentially intact.

A brief aside: It would have been worth considering allowing the GCSB to render assistance by charter to agencies such as Customs and Immigration as well as the SIS, Police and Defense because they clearly have a national security role. Moreover, it may not be widely understood but the GCSB offers more than equipment and technicians to its counterparts. It has linguists, interpreters, engineers and other specialists in its ranks who can be of use to domestic security agencies on a case by case basis. The Dunne concessions do not address the how, why and when of any of this.

Getting back to the main theme, National knows that by pushing a maximalist line with regard to the expansion of GCSB powers it could accept something moderately less without discernible harm to its overall intent. Besides Dunne’s and Peters’ venality, it relies on generalized public apathy regarding the issue (although it must have been surprised by the extent of opposition that eventuated, especially from high-profile groups and persons), and it knows that it can dismiss any opposition as naive, politically motivated or both (which John Key has now done, and which this week’s protests will confirm in the minds of those supportive of or undecided about the proposed changes).

National also knows that should there be change of government in 2014, it is unlikely that a Labour/Green coalition will have intelligence community reform as a priority. If its modern history is any indication Labour will be quite comfortable with the amended legislation. Recall that it was under the 5th Labour government that most of the dubious GCSB spying on 88 NZ citizens and residents was done, and Labour will be able to use the revamped GCSB powers for its own purposes should it feel the need to. It is naive to believe that different governments do not have different intelligence priorities, something that is manifest in intelligence agency tasking.

One only needs to think of the role of the SIS in the Zaoui case and the suspected role of both the SIS and GCSB in the Urewera case to understand the concept as well as Labour’s disposition when it comes to such things. With National the shift in intelligence priorities is seen in its focus on commercial relations, to include patent and copyright issues that have little to do with national security but all to do with alliance relationships. Either way, governments call the shots when it come to intelligence priorities.

Labour and the Greens will have reversing other National policy reforms as the first order of business, be it the Holidays Act, aspects of the Employment Relations Act, issues connected with Health, Education, WINZ beneficiaries, public sector employment, economic use of public lands, etc. That list has far more immediate domestic political impact than revisiting the GCSB and TCIS Acts, especially if the expanded powers granted the GCSB are used with a modicum of discretion and selectivity.

Should Labour and the Greens assume government in 2014, they are saddled with running the 2015 general inquiry about the NZ intelligence community. That will take public time and political capital, which leaves less of each for the promotion of other initiatives. This could leave a Labour/Green government spread thin when it comes to imposing legislative and policy agendas, especially when considering that the partner’s priorities do not universally coincide in the first place (less so when other minority parties are involved). That could undermine the stability of the coalition, wreak their overlapped policy platforms, make for internecine conflict and set the stage for a National return to government in 2017.

Barring some unexpected reversal of fortune in the next few weeks, when it comes to domestic espionage and the GCSB’s expanded role in it, what we have here is a done deal. The Bills will pass. There will be more spies amongst us.

National’s short-term political logic looks to have proven correct, so far. Time will tell if its longer-term strategy will pay off as well.

Better to pause than to rush.

Posted on by
12

The Parliamentary Select Committee hearings on the Bills to amend the 2003 GCSB Act and 2004 Telecommunications (Interception Capability and Security) Act have begun this week. There is much interest in the hearings not only because of the content of the Bills under consideration, but also because they are open to the public. The cast of characters scheduled to present is as colorful as it is deep: Kim Dotcom, the CTU, the Law Society, Internet NZ and several telecommunications firms are among those representing.

Even so, some of the public discussion surrounding the proposed reforms has been stunningly stupid. In recent weeks the Herald featured two editorials supporting the proposed changes. The first claimed that the changes would help prevent a Boston Bombing scenario (a claim that the Prime Minister has parroted; Winston Peters prefers to use the train station bombing hypothetical). That ignores the fact that US intelligence agencies could not do so even with their massive meta data-mining schemes and a tip from Russian authorities. Nor could they prevent the Fort Hood massacre even though the perpetrator was in regular email contact with an al-Qaeda leader in Yemen prior to the shooting.

Worse yet, the Prime Minister and others such as this editorial writer make it seem as if counter-terrorism is the primary function of intelligence operations. It is not. Traditional inter-state espionage, no matter what the technologies used, remain the major part of intelligence work. The counter-terrorism angle provides a convenient fig leaf for the expansion of intelligence networks and the scope of their authority, but in reality occupies a relatively small amount of intelligence resources and attention. This is particularly true for countries that are not on the front lines of the so-called “war on terrorism.”

The second editorial, by a supposed former intelligence officer, claimed that those who oppose the Bill are scaremongers and uninformed, even though the Law Society, Internet NZ and several other professional groups have registered their opposition on legal as well as technical grounds. The author also asserted that because civil servants drafted the proposed changes, we should accept them in good faith. Yeah right.

I beg to differ. There is clearly a need to “tidy up” the legal framework governing GCSB activities on home soil because under the current Act the role of the GCSB in domestic espionage is murky. But civil libertarians and privacy rights activists have legitimate reason to oppose the GCSB Bill in its present form.

The Bill expands the terms and conditions under which the GCSB can engage in domestic espionage, including reasons that have nothing to do with national security and for agencies unrelated to it. Those responsible for issuing the warrants under which the GCSB would “assist” domestic agencies would be those who currently do so, in a cross-signed fashion in the case of spying on New Zealand citizens and residents. If the targeted entity falls under the foreign intelligence collection mandate of the GCSB (which targets “foreign entities,” in New Zealand, including private firms as well as diplomatic missions), warrantless intercepts can be authorized even if they extend to New Zealanders.

In light of past excesses and mistakes it is evident that leaving warrant issuance to the Prime Minister and a retired judge (the Commissioner for Security Warrants) is pure folly even when done in combination. These are the individuals who were on watch during the Dotcom raid and, in the case of the Prime Minister, claimed ignorance after the fact as to how and why the GCSB became unlawfully involved in it.

The definition of threat to national security under which the GCSB would act is too nebulous and broad to prevent mission creep into common law enforcement and encroachments on individual and group privacy. For example, under the proposed legislation the GCSB could assist the Department of Primary Industries to spy on environmental activists on behalf of fishing, logging or mining interests if their protests were deemed injurious to the economic well-being of the nation, which can be construed as a threat to national security under current definition of the term.

The oversight mechanisms proposed by the Kitteridge Report are a veneer on what currently exists. Even if bolstered by a Deputy and some additional clerical staff and funding, the Inspector General of Intelligence and Security is simply too dependent and too powerless to effectively serve as the overseer of the New Zealand intelligence community. Absent effective independent oversight such as that which could come by making the Inspector General’s office a Department of Parliament responsible to a Parliamentary Committee with powers of compulsion under oath, the room for unaccountable manipulation of intelligence flows and analysis remains great.

The Telecommunications (Interception Capability and Security) BIll that accompanies the GCSB Bill is more draconian than similar legislation under the US Patriot Act. It compels telecommunications companies to provide access to their source and encryption codes (that is, provide warrantless access before the fact to private accounts when no threats are evident). It authorizes GCSB espionage operations without the consent of affected private entities as part of its “information assurance and cyber assurance” function, which is designed to safeguard a broadly defined information infrastructure consisting all forms of telecommunications emissions, systems and networks. In other words, one way or another the GCSB would have the ability to surreptitiously monitor all New Zealand based telecommunications regardless of whether or not they involved clear threats to national security.

Since New Zealand is not a major target of inter-state cyber espionage or in the so-called war on terrorism, that is an overreach. India, Brazil, Italy, Spain, Canada, Germany and many other democracies who arguably are much more at risk for espionage and terrorism do not have such legislation. In most the separation of foreign and domestic espionage is made quite clear in law, with the latter carried out mostly by the Police, national gendarmes or local investigative agencies with help from foreign-focused intelligence agencies only in the most exceptional circumstances (even then, agencies like Interpol exist as the first line of recourse used to facilitate international crime investigations).

What is the problem in requesting voluntary telecommunications company cooperation with national security investigations, particularly when they are clearly focused on clear and present threats? What telecommunications provider would refuse such a request, especially if issued under warrant specifying the reasons? If such a system works for the countries mentioned above, why can it not work here?

The official presumption in the T(ICS) bill that telecommunications firms need to be compelled rather than be allowed to voluntarily cooperate with intelligence agencies on matters of national security says more about the disposition of the government than it does about that of the firms involved.

By expanding the GCSB’s domestic “assistance” role in two capacities (information assurance and cyber security to public and private entities as well as technical assistance to sister agencies), the proposed changes run the risk of deviating it from its main foreign signals intelligence and counter-cyber espionage efforts. It will add a further burden to it’s already stretched staff of analysts, engineers, linguists and cryptographers. Since increased funding and recruitment are circumscribed by the present climate of fiscal austerity, it does not appear likely that resources for the GCSB will be increased commiserate with the increase in its domestic assistance authority.

Interestingly, the GCSB and T(ICS) Bills were proposed soon after issuance of the Kitteridge Report on the GCSB, which was driven by the unlawful electronic monitoring of Kim Dotcom and associates by that agency. Given the level of detail in the Bills, that suggests that they were drafted before Ms. Kitteridge’s findings and recommendations were finalized. This contradicts the government’s claim that the Bills came in response to the findings of that report.

In a world in which threats are increasingly “intermestic” or “glocal” in nature and in which the boundary between national law enforcement and international security is increasingly blurred, there is reason to adjust the legislative apparatus governing the role, scope and functions of the New Zealand intelligence community, including its international commitments. At present the GCSB and sister agencies appear rudderless, unsure of who and what purpose they serve, much less how they should prioritize their essential responsibilities.

This is why a full inquiry into the New Zealand intelligence community is needed before any reforms are made to its legal architecture, especially given that the last review of New Zealand intelligence operations occurred in the 1970s.

The inquiry could well start with exploring what New Zealand’s threat environment consists of now and in the near to medium future, including proximate and distant threats of a physical (environmental and epidemiological), economic, military, diplomatic and criminal nature. It could then turn to outlining the specific meaning of “national security” in light of these threats (with the balance between minimalist and expansive definitions of national security needing to be debated and precisely defined).

It might consider how current policy decisions or orientations can set the stage for the emergence or facilitation of future threats (such as by trying to play off trade and security relations with competing great powers as a form of hedging or strategic balancing act). Having done that, it could proceed to review the way in which the intelligence community operates so as to offer prescriptions for its better tailoring to the threat environment extant and foreseeable.

Much has happened since the last intelligence review, both in terms of the nature of national security threats as well as the technologies they employ and those used to counter them. It is therefore prudent to pause and review how New Zealand intelligence operations are conducted rather than rush to pass legislation that retroactively exculpates past unlawful behavior by the GCSB while expanding the reach of those who authorized it.

 

A short version of this essay appeared in the New Zealand Herald on July 2, 2013 under the title “GCSB bill going too far too fast.”

Withdrawal from Echelon: a realistic watershed moment in intelligence reform or Left political posturing?

Posted on by
18

In light of the attention brought to matters of intelligence collection and analysis in recent months, it is entirely reasonable for the Greens and Labour to demand a fill inquiry into the organization, role and functions of the New Zealand intelligence community, including its responsibilities and obligations in international intelligence networks such as Echelon/5 Eyes and other less publicized arrangements. As the Kitteridge Report noted with regard to the GCSB and what the Zaoui case demonstrated in the case of the SIS, there were or are serious deficiencies in both agencies. These are as much if not more managerial than operational, but the truth is that a review of the entire intelligence community is overdue in light of the changing realities of intelligence gathering in the 21st century.

That is why the National government’s attempt to pass reforms to the 2003 GCSB Act that extend its domestic powers and scope of authority, coupled with the proposed Telecommunications (Interception Capability and Security) Bill that would, among other things, force telecommunications firms to provide backdoor access to their source and encryption codes, needs to be delayed until such time a proper inquiry into the entire espionage complex is undertaken. Without full understanding of areas of strength and weakness in the system, it is impossible to knowledgeably address the proposed reforms in the way signals intelligence is gathered and used in and by New Zealand, much less how it should be balanced against rights to privacy and institutional accountability.

As part of the calls for the inquiry, some on the Left have proposed that a review of New Zealand’s participation in Echelon be undertaken. Some have gone so far to say that it could become another watershed moment such as that surrounding the 1985 non-nuclear declaration. Presumably the watershed would be occasioned by a withdrawal from Echelon.

As much as I think that a review of New Zealand’s role in Echelon is welcome, especially in light of the Kim Dotcom case and recent revelations about mass scale meta-data mining by the US National Security Agency (and the meta-data mining by the GCSB revealed by the Kitteridge Report), I think that it would be absolute folly to withdraw from Echelon. Changes in the terms and conditions of New Zealand’s participation in Echelon may be warranted, but a full withdrawal from the signals intelligence-sharing community composed of the US, UK, Australia, Canada and NZ seems foolish.

I will not reiterate here the early warning, big picture and deep insight benefits that NZ accrues from being an Echelon partner. What I will note is that it has been a partner in Echelon for more than three decades, and as such shares some of the most guarded secrets, both historical and contemporary, of the Anglophone intelligence community. This includes methods, technologies, locations and sources for signals intelligence collection as well as the content of specific subjects of interest.

The Echelon partners will take a very dim view of these secrets suddenly becoming insecure as a result of a NZ withdrawal from Echelon. No matter what assurances may be given or what phased devolution of responsibilities is proposed, they are bound to fret about classified Echelon information falling into hostile hands as a result of that decision. That will likely prompt a full scope defensive counter-response to minimize the possibility of damaging or sensitive material falling into the “wrong” hands.

That response will far outweigh the diplomatic estrangement caused by the non-nuclear declaration (which ultimately amounted to a freeze on bilateral military-to-military contacts but which did not alter intelligence sharing or diplomatic relations in any significant measure). The negative consequences of withdrawal from Echelon will be felt in the intelligence arena, but will also be felt economically, militarily, and most definitely cyber-electronically, and will not just come from the other 5 Eyes partners.

Under a Labour/Green government that decides to withdraw from Echelon, New Zealand might seek to hedge its bets by establishing intelligence sharing ties with the People’s Republic of China or Russia. The first would complement the economic re-orientation towards the PRC in recent years, whereas the latter would cultivate relations with a long-term and now resurgent Western adversary (which is now in the process of re-deploying submarines to the South Pacific for the first time in over 20 years). Either move would show a clear commitment to diplomatic re-alignment away from traditional partners and towards Eurasia, something that would nicely complement the primary geographic focus of NZ’s trade-oriented foreign policy (we should remember that NZ is in the early stages of negotiations with Russia on a “free” trade agreement).

For both Russia and the PRC, gaining access to Echelon data would be invaluable even if the remaining 4 Eyes are forced to completely overhaul their systems in order to limit the damage caused by a NZ “flip.” In fact, the repercussions from such an act might force NZ to seek the security protection of either great power. One assumes that for this to happen the NZ public will be comfortable with the shift in alignment.

It is less probable that other Western nations such as France or Germany would want to jeopardize their relations with the Echelon community by entering into an alternative signals intelligence-sharing arrangement with NZ. Perhaps rising powers such as India, South Africa or Brazil might want to take advantage of the window of opportunity, but that also seems unlikely.

That is why I believe that the speculation about an inquiry into the intelligence community resulting in a “watershed” NZ withdrawal from Echelon is poorly considered. Escaping international commitments of any sort is fraught in many ways, and in order to do so the benefits of reneging must clearly outweigh the costs. The decision must enjoy broad support and be politically sustainable at home as well as abroad.

In that light, the benefits of a withdrawal from Echelon are uncertain and the downside of withdrawing from such a long-term and highly sensitive international security commitment is too great and too obvious for such talk to be anything but ignorant or Labour/Green posturing in the build up to next year’s elections. If that is the case, it undermines the Labour/Green bid to have a full inquiry into NZ intelligence community reform because there will be little support outside of select party factions for a move to withdraw from Echelon, and any reform initiatives that include that possibility will not be taken seriously.

It would therefore seem best for the Greens (in particular) and Labour to stifle such speculation from within their ranks in order for their calls for a full inquiry into the NZ intelligence community be given due consideration. That still leaves much room for review, but has a better chance of garnering broad-based support than by continuing to entertain thoughts about watershed moments.

Improving intelligence oversight.

Posted on by
1

Now that the Kitteridge and Neazor reports have been tabled, discussion can more fully proceed to the issue of intelligence oversight. The government has proposed bolstering resources for the Inspector General of Intelligence, and adding a Deputy Inspector General to what until now has been a one man shop. That is a step in the right direction, but it falls very short of the mark when it comes to robust, independent intelligence oversight mechanisms. Here I outline one way of achieving them.

Currently the IG is dependent on the NZSIS and GCSB for resources and cooperation and answers to the Prime Minister. That puts him at the interface between politics and operational matters in a chain of responsibility, which reduces his freedom of action.

The IG’s office should be strengthened in terms of staff and moved to become an agency of parliamentary services. It will answer to the Parliamentary Committee on Security and Intelligence, although its staff and funding source will be independent of the Committee. The Committee will have powers of compulsion under oath that allow it to force intelligence managers to release operational details or classified information to it upon request. It would meet at least once a month and receive scheduled classified briefs from the directors of the SIS and GCSB as well as senior managers in the DPMC handling intelligence flows. At any time the Committee would be able to order the appearance in special session of officials from the Police, Customs, Immigration, Treasury and other agencies that employ intelligence collection and analysis services.

All of this would require that the staff of the committee as well as that of the IG have security clearances akin to those of personnel employed by the agencies being overseen. That will require background checks and security vetting of staff. Members of the Committee would be required to sign secrecy oaths under penalty of law.

The transition from the current ineffectual oversight mechanisms to something more effective will take time and money. It will therefore be resisted not only by the agencies being overseen (who naturally will be discomfited by increased scrutiny from agencies unattached to the Prime Minister). It will also be opposed by political sectors focused on cost-cutting, quick results, or maintaining the current system because of the weight of institutional legacies and/or advantages it gives governments when it comes to the interpretation and implementation of intelligence priorities. But it is certainly worth doing.

The time is opportune for change. The sequels to the Dotcom case have exposed serious problems in the political management of intelligence issues as well as deficiencies in the conduct of intelligence operations. The government has proposed significant changes to the 2003 GCSB Act, particularly section 14, that will have the effect of strengthening the GCSB’s powers of internal (domestic) surveillance at the behest of other agencies–foreign and domestic. The justification for this rests on the increasingly transnationalized nature of security threats, whereby the intersection of local and international crime, foreign corporate and political espionage, irregular warfare networks and non-state actors makes much more difficult precise definition of what constitutes a domestic as opposed to foreign intelligence concern. These are grey area phenomena, and the response cannot be given in black and white.

I agree that the security threat environment has changed and is much more “glocal” or “intermestic.” I agree that it requires statutory revision in order to better account for the changing nature of intelligence operations under such conditions. What I am proposing here is a parallel revamp of oversight mechanisms that promote more independence, transparency, accountability and compliance at a time when the scope of intelligence agency authority is being redefined and expanded well beyond traditional espionage operations.

The issue is worth debating and therefore should be the subject of a larger inquiry such as proposed by Labour and the Greens. If nothing else the Kitteridge and Neazor reports can be used as the starting point for a more thorough discussion of the role, functions and purview of NZ intelligence agencies given the changed nature of the threat environment and the equally compelling need to maintain  a better measure of democratic accountability than has heretofore been seen.

 

CRIB 19

Posted on by
2

Phil Goff is in the spotlight for supposedly leaking the results of a suppressed NZDF inquiry into the suicide of a soldier in Bamiyan Province, Afghanistan, on April 3, 2012.  From what I can tell, what Mr. Goff has publicly commented about had already appeared in various media, so I do not believe that he leaked any suppressed details.

The inquiry focused on the deployment of the NZDF rotation to Bamiyan known as CRIB 19 (September 2011-April 2012). Besides the suicide, the inadequate training of CRIB 19 prior to deployment to Bamiyan has already been reported (as have complaints about the training of the ill-fated CRIB 20, which suffered five combat deaths in two ambushes). CRIB 19 only had three weeks (rather than five) of training prior to deployment (a 40 percent reduction), with some modules apparently taught on the flights into the theater or upon arrival. The deployment was also abruptly extended from six to eight months. The soldier killed himself in the last month of that extended deployment.

It appears that the NZDF is trying to suppress a full report on the command failures involved. The excuse that CRIB 19 could not receive full training prior to deployment due to RWC duties is laughable and an insult to the public’s intelligence. For example, since rotations to Bamiyan were planned well in advance, does it really seem plausible that those designated for deployment were diverted to crowd control and other logistical support connected to the RWC rather than to combat or at least conflict zone preparations? With a complement of 6000 Army and another 6000 in the Air Force and Navy, could not 100-200 soon-to-be deployed soldiers and sailors been spared RWC duties?

Given that there were/are serious hand-off and hand-on issues involving PRT/NZDF command leadership and personnel changes in foreign theaters, can it be true that the RWC threw a spanner into what was by that decision time an opened and extended international security commitment known locally as a longer tour of NZDF duty and commitment to major ISAF allies?

Put shortly: did successive New Zealand governments commit troops to Afghanistan (and Bamiyan) under false or changing pretenses and then blamed rugby for the contradictions in its policy enforcement?

As an aside, it should be noted that the size of the NZDF PRT contingent grew steadily over the years, from around 50 in the first rotation to nearly 200 in the last. That is one indication of the deteriorating security situation in Afghanistan during the course of the Bamiyan PRT mission. It would also indicate that more rather than less conflict-related training prior to deployment was advisable given the obvious mission creep.

If CRIB 19 personnel were diverted to RWC duties to the extent that their training time was shortened before they deployed into a combat zone and then their deployment was extended by two months without notice and without the usual leave provisions, then that is a command failure. Worse yet, if–and I emphasize that this is only an if–the training time was shortened as a  result of cost-cutting measures undertaken by the NZDF as part of the government’s across-the-board spending cuts, then it was a political as well as a command failure. Whatever the case, the reasons for the shortened training needs to be explicated in better detail than the simple “they were on RWC duty” line.

After all, sending people into harms way without adequate training is nothing short of criminally negligent.

Whatever happened to the disinfectant impact that the light of public scrutiny has on government (and this case NZDF) behavior? If ever there was a need for such light, it is in the case of CRIB 19.

Trust in spies.

Posted on by
22

A recent TVNZ Colmar Brunton poll showed that 32 percent of those surveyed had little or no trust in New Zealand’s intelligence agencies, 32 percent had much or complete trust in those agencies, and 33 percent were lukewarm either way (with 3 percent undecided). That means that 65 percent of respondents were less than strongly trusting of New Zealand’s spies. This is a remarkable degree of public skepticism of intelligence organizations in a democracy.

The Prime Minister has said that the New Zealand intelligence community has to work hard to regain public trust. He is wrong, or is just being politically polite.

Unlike agencies such as the Land Transport Authority, Police, Fire Service, Health Boards, WINZ and Education, which provide direct goods and services to the public and which depend on public trust in order to operate efficiently (notwithstanding the well-known problems afflicting at least some of these “direct provision” agencies), the intelligence community need not concern itself with expressions of public trust. That is because the service that intelligence agencies provide as ostensibly commonweal organizations (i.e. ones that serve the universal public interest), although for the general good in the last instance (at least theoretically), is not provided directly or even openly. Instead, the intelligence agencies answer to the government of the day as the representative of the public will and provide their collection and analysis skills to the government for the national good as defined by their charter and the government’s interpretation of it.  They do not need the public’s trust in order to operate efficiently because most of what they do is away from the public eye.

Thus, in the first instance, the trust of the government is what matters for the spies. In this the intelligence community has an advantage because politicians elected into government are generally not conversant with intelligence matters and therefore are susceptible to espionage agency “capture:” the information that the spies provide gives the political elite a privileged window on the world, so they are most often reluctant to critically dispute the view.

More importantly, New Zealand’s intelligence sharing partners must have strong levels of trust in its spies. Without that, New Zealand’s access to allied intelligence sharing may suffer because foreign partners will be reluctant to risk placing sensitive information in the hands of untrustworthy people. The saving grace for New Zealand’s spies is that the years of relationship-building with its intelligence partners could allay the latter’s fears of incompetence or unprofessionalism on the part of the former.

On the other hand, even long standing relationships can be damaged by breaches of trust. This could well be the case in the wake of the Dotcom scandal, where the case against the internet magnate is crumbling in light of disclosures of illegal warrantless wiretapping by the GCSB (which makes evidence collected by those wiretaps inadmissible). Between the GCSB’s failures to follow its own basic protocols with regards to eavesdropping requests from sister agencies, coupled with the over the top nature of the raids on Dotcom’s residence (which included the presence of armed FBI agents and the detention of women and children by armed police), it is unlikely that any NZ judge will grant the US extradition request. That means time and resources spent by the US and NZ on pursuing the case against Dotcom will be for naught.  The GCSB failings are bound to be noted by New Zealand’s intelligence partners, who will wonder about the assurances given by the GCSB and Police (and more than likely the SIS) that their course of action would not be subject to legal challenge or public scrutiny.

The bottom line is one of vertical and horizontal accountability. In democracies, governments are held accountable by the electorate (expressed both individually and collectively). That is the vertical dimension of accountability. Under that government, public agencies are accountable to each other via a system of checks and balances. That is the horizontal dimension of democratic accountability, which is used to cultivate the public trust that is key to vertical accountability.

In New Zealand there is very little horizontal accountability between the intelligence community and other parts of government, to include parliament and the judiciary (and perhaps even the executive in specific instances). This makes its agents (to include the GCSB and SIS) even less vertically accountable than in most liberal democracies, where oversight, compliance and accountability mechanisms are much better developed.

As a nation-state New Zealand is also accountable to its diplomatic and security partners. That is another facet of horizontal accountability, writ large. New Zealand’s foreign partners must have trust in its diplomatic, military and espionage agencies in order for their mutual relationships to prosper. So long as they do, domestic trust is of secondary importance. But for that to happen, New Zealand’s intelligence community must be able to deliver on what it promises, which means that it must offer iron-clad guarantees that its activities will not be the subject of contentious public or political debate that can jeopardize ongoing intelligence collection and analysis operations

Thus, on the one hand, the poll results are not as worrisome for the government as may appear at first glance. So long as the New Zealand intelligence community and its component parts have the trust of its allies, then it will suffer no harm as a result of the public loss of faith in it. But should foreign partners come anywhere close to exhibiting the flat bell curve of trust that characterizes the results of the TVNZ survey, then New Zealand could well find itself excluded from at least some of the sensitive intelligence flows that are the ostensible reason for its participation in the Echelon/Five Eyes network, to say nothing of the wider intelligence community of which it is part.

As for the domestic side of the equation: a nation of sheep is led by the sheep dog.  The sheep dog is the government, of which intelligence agencies are part. The shepherd is the institutional system of checks and balances that govern intelligence gathering and analysis, to which the government of the moment is subject. Absent such effective oversight, compliance and accountability mechanisms, sheep are always at the mercy of an unrestrained and unaccountable dog.

 

Media Link: More GCSB weirdness.

Posted on by
16

I was interviewed on Radio NZ about the controversy surrounding the appointment of Ian Fletcher as GCSB director. I had to leave out a number of important points like the need for objectivity and political neutrality in intelligence operations, or how the PM could have had a surrogate reach out to Fletcher rather than get personally involved in his selection. Otherwise, the gist is here.