Tag Archives: GCSB

Reminder: “Frenemies” are not friends.

Posted on by
3

News that the Chinese ATP 40 cyber-hacking unit penetrated parliamentary internet networks in 2021 has renewed concerns about the PRC’s malign intentions in Aotearoa. But is the hack that significant given the length of time that has passed since its discovery and the lack of sensitivity of the information that was accessed?  I was asked to write about this for a corporate news outlet but since it is my work I have added some details and posted it here.

The hack is unsurprising given that NZ is a 5 Eyes partner and parliamentary services and the parliament counsel’s office handle sensitive information as a matter of course. NZ may be a trading partner of the PRC but is in essence a security adversary given its membership in 5 Eyes and its close military alignment with the US, Australia and other Western states that are (whether rightly or wrongly) hostile to PRC power-projection world wide. Since the PRC is a main focus of 5 Eyes signals and technical intelligence collection, it would be remiss for ATP 40 to ignore potential avenues of exploitation when it comes to obtaining political or security-related intelligence in NZ. That is part of their mission, and complements the well-known presence of numerous PRC human intelligence agents in this country.

It is therefore reassuring that the GCSB National Cyber Security Centre (NCSC) discovered the hack and found that no strategically important or sensitive information was breached. We shall have to trust them on that. However, that does not mean that this will be the last time ATP 40 or some other PRC cyber-hacking unit will attempt to breach NZ government and private cyber defences. That is what they do, and because NZ has in the past been seen as the Achilles heel of the 5 Eyes network due to traditionally poor cyber security practices, it will likely do so again. This is an ongoing problem that the NCSC was created to address, but the offence versus defence dynamic inherent in (cyber) espionage and warfare is still in play and will continue to be so for the foreseeable future.

Some have suggested that NZ impose sanctions on the PRC in response to the parliamentary cyber intrusion. The US and UK have announced such measures due to similar PRC behaviour with regard to them (more on this below). However, for NZ that would be a mistake because sanctions at this point would be counter-productive. First, because it would be akin to poking a tiger and invite disproportionate retaliation over what is a relatively minor transgression in the broader scheme of things. Since NZ has yet to wean itself off of its self-made PRC trade dependency, it cannot afford to alienate it just yet, if ever, over an intrusion of this order.

Secondly, these type of breaches are usually handled quietly so that the offending party is not completely sure of how and why they were thwarted or countered. In other words, the GCSB does not want to show its hand when it comes to its counter-hacking capabilities. That the breach occurred in 2021 and only has been acknowledged now indicates that the GCSB feels that enough time has elapsed for operational security concerns to be ameliorated and a “fair warning” issued to the hackers that they are being identified, traced and countered. So there is no need to cause an inevitably damaging public spat with a much more powerful interlocutor. For all the coziness of the 5 Eyes members, no one will come to NZ’s economic rescue if the PRC decides to take punitive economic measures against NZ in the event that NZ tries to impose sanctions of some sort on its largest trade partner.

The timing of the GCSB announcement about the 2021 hack is also coincident with the US publishing the identities of ATP 40 hackers targetting US infrastructure and Australia and the UK warning of their and other Chinese political interference efforts in strong terms, with particular focus in the UK and US on PRC hacker compromises to voting systems in election years in both. The timing of the announcements about PRC hacking efforts therefore seems to be a 5 Eyes-coordinated “shot across the bow” that gives warning to ATP 40 and their counterparts that the times of easy access to critical data infrastructure, even if indirectly and even in NZ, are over. 

But that may be all that it is and not, at least in NZ’s case, a reason for NZ to escalate the matter beyond what it already has said and done. Chinese diplomats have been summoned to MFAT for a “please explain” and scolded for ATP 40’s misbehaviour. The PRC Foreign Ministry has rejected the accusations and warned about scurrilous attempts to besmirch the PRC’s good name. Perhaps it is time to let the dogs go back to sleep.

It remains to be seen if this type of State-backed cyber-probing ends because if nothing else the PRC hacking community is ingenious, well resourced and persistent. For them, this is part of the PRC’s ascent to having a multi-dimensional (voice and cyber encrypted communication intercept, physical and infrared (thermal) imagery aquisition, submarine fiberoptic cable “tapping,” capabilities, etc.), broad specturm, multi-domain (air, land, sea, space, cyber) warfare infrastructure on its way to achieving superpower status. As part of 5 Eyes, NZ is standing in the (albeit in a small) way of that goal. It was and is bound to be an ongoing target of Chinese espionage efforts, including in the cyber domain.

Ultimately the revelations about ATP 40s operations in NZ are a reminder against cyber complacency at home and at work, be in the public or private sectors. This is very true when dealing with so-called “frenemies,” that is, States with which NZ has cordial, even friendly relations on the public surface but with which underlying value systems and security relations are incompatible, strained or even hostile. So long as NZ is a member of the 5 Eyes network and the PRC is an adversary and target of that network even if it is NZ’s largest trade partner, ATP 40 and other PRC intelligence units will be hard at work seeking to discover and exploit any potential avenues of opportunity in NZ cyber-space as well as in other domains. It may be in that in the past “loose lips sunk ships,” but in the contemporary era all keystrokes, phone calls, encrypted messages, Tik Toks and Instas are also grist for the intelligence mill—and exploitable as such.

An earlier version of this essay appeared on March 27, 2024 in the NZ Dominion Post (the-post.co.nz, p.19) and affiliated media outlets.

Unnoticed guests.

Posted on by
6

The Inspector General of Intelligence and Security (IGIS) recently released a report in which he exposes the existence of a foreign intelligence partner-controlled technological “capability” inside the headquarters of the GCSB, NZ’s 5 Eyes-affiliated signals intelligence collection and analysis agency. The memorandum of understanding (MOU) governing the way in which this “capability” was used was negotiated from 2008 through to 2012, and the system went operational in early 2013. It continued to do so until 2020, when it supposedly suffered a systems failure and the equipment was removed.

The IGIS became aware of its existence while investigating an unrelated, different foreign partner-operated “capability” in the GCSB in recent years. What he found about the 2013-2020 “capability” was troublesome on several levels.

At a broad level, the IGIS appears to have indirectly confirmed what Edward Snowden revealed when he defected and leaked thousands of classified documents to investigative journalists in 2013. Those documents included descriptions of signals intercept programs such as XKeyscore, Speargun, Cortex and Prism, all of which were unknown to the public or most political leaders at the time and one of which may be the “capability” in question.

Negotiations over the MOU and entering into service of the “capability” occurred during the first two National-led Key governments. Key was the Minister for Intelligence and Security as well as PM at the time. The MOU assumed that the Minister of the day and perhaps cabinet would be informed of the “capability” following the “no surprises” policy in the Cabinet Manual regarding sensitive, controversial or security-related matters. The MOU specified that the GCSB would be informed of what the “capability” was doing in real time, what its end products/outputs were and to what purposes it was being used. The MOU was also supposed to be reviewed on a regular basis, but in fact it never was.

The “capability” was not a collection technology but an analytic mechanism to which the GCSB delivered collected inputs (intercepts) from a variety of sources. From time to time the foreign partner agency would send emails requesting “feed” settings changes on the “capability” that were done by GCSB personnel. The IGIS found evidence of 45 of these but believes there were more that went unrecorded due to faulty or patchy record keeping and, most troubling, the foreign partner agency unilaterally changing the “feed” settings on the “capability” from a remote location without notifying the GCSB.

That is just part of the problem. Whatever was intended to happen according to the MOU, in practice the Minister responsible for the GCSB–John Key in the first instance–was apparently never informed of the “capability’s” existence. Nor were any other members of the political leadership, even after the Intelligence and Security Ministerial position was divided into two (one responsible for day-to-day oversight and the other a a more general steering role). Worse yet, the senior GCSB leadership after 2013 were also kept in the dark about the “capability’s” existence. Some of that may have been due to the revolving door nature of the Director General’s (DGGCSB) position after the Kim Dotcom illegal spying fiasco of the early 2010s, where general “authorisations” were rubber-stamped by incoming DGGCSBs without paying attention to the details of what was being authorised. It is also possible that lower level technicians with hands-on roles regarding the “capability” assumed that middle management kept their superiors in the chain of command informed about the “capability” and its operational status when in fact no senior leader was the wiser about the system after in came on line. In addition, hosting of the foreign partner’s “capability” was within the law according to the 2003 GCSB Act regarding foreign intelligence sharing even if the GCSB leadership and political decision-makers were not informed about its presence. Everything was lawful and yet in violation of the MOU regarding the duty to keep Ministers and senior agency leaders informed.

Beyond that, problems remained. No legal framework or organisational protocols were developed regarding the “capability’s” usage. In fact, unlike another NZ intelligence partner country that had a similar technology installed on its soil, there was no institutional and legal frameworks developed by the GCSB and Crown Law to specifically govern the operation of the “capability.’ That meant that the “capability” was used without regard to NZ law and international legal commitments.

As an illustration of what could go wrong with this arrangement consider the following. The IGIS repeatedly mentions in his report the possibility of data from the “capability” being used for military purposes, targeting in particular. Even though “targeting” can refer to a number of intelligence-related activities beyond kinetic strikes against physical objects, the possibility remains that NZ hosted a technology that in fact may have been used to do so. Imagine a drone strike in Afghanistan using GCSB-collected data that was analysed and “packaged” by the foreign intelligence partner-operated capability located on NZ soil. Imagine that the drone strike wound up killing innocents as well as intended targets. That makes NZ culpable as an accomplice of war crimes because it was part of the kill chain even if it was not aware of being so.

That brings in the second troublesome aspect of the issue. Whatever the MOU intended, in practice the GCSB had no operational control over how the “capability” was used or what its end products were. Instead, it served as a type of maintenance engineer, maintaining the platform and changing “feed” settings on it upon request (and sometimes not even being aware that the settings were changed remotely). Evidence of the latter only became apparent when GCSB personnel noticed unexplained data outflows at odd times in which there were no setting change requests. Although this was discussed internally by those involved with the “capability,” it was never brought to the attention of the agency’s senior leadership, much less the Minister. It was only discovered by the IGIS during the course of his post-2020 investigations.

In effect, the problem with the arrangement governing the “capability” installed within GCSB headquarters in 2012 was two-fold: on an internal level there was no vertical accountability to their superiors inside and outside of the GCSB from those responsible for handling the technology. This is a gross violation of basic principles of democratic oversight of intelligence operations, where senior intelligence professionals and the decision-making politicians elected by the public are supposed to take responsibility for whatever choices are made regarding intelligence matters. In this instance both the political and civil service leaderships were ignored by their GCSB subordinates, who ran what could be called a type of “dark” operation within an already opaque agency when it comes to revealing or acknowledging its activities.

The second problem is one of sovereignty. The GCSB hosted a foreign espionage platform operated by an intelligence partner country without any meaningful level of scrutiny or control, legal or practical, over what that platform did. The GCSB knew about its technological attributes but little more, and certainly knew nothing about its uses and end products until, at best, after the fact (in just one instance as far as the IGIS could determine). Although the IGIS report does not mention the possibility, it is known that US personnel are regularly stationed at GCSB facilities and, according to the report, were involved in training GCSB personnel in the operation and maintenance of the “capability.” If US (presumably NSA) officers were inside the GCSB and involved in running the “capability” without the knowledge of GCSB leaders and the Intelligence and Security Minister, then the infringement on NZ sovereignty was great.

Think of it this way. Imagine that the CIA sent an undercover officer to work from within the SIS on a project tasked by the CIA. Although the MOU governing his/her work stated that the SIS would know about his/her activities and regularly review them, the SIS had no idea what the CIA officer did although it regularly provided him/her with various spycraft tools of the trade. The CIA officer answered and provided human intelligence to the CIA, which did not share with the SIS how the intelligence was used or what its end product or output was. The SIS “handlers” of the CIA officer did not inform their superiors about his/her presence and no one told the responsible Minister that s/he was even in NZ. How would people react to such news? Well, that is what has been revealed about the GCSB foreign “capability” program from 2013-20.

The irony is that had the “capability” been revealed to the responsible Ministers and GCSB leadership it would have most likely been approved given the nature of the NZ governments during that period and importance of NZ’s relationship with its 5 Eyes partners. Or, given how he governed, perhaps John Key told the GCSB that he did not want to know about sensitive operational matters because it gave him plausible deniability when asked about them. Maybe there was a bit of truth in both possibilities. Who knows?

Another interesting aspect to this story is that it is very possible that the “capability” was installed at the GCSB headquarters in Wellington because NZ’s looser intelligence and security laws at the time made it easier for the foreign intelligence partner to circumvent its own laws regarding certain types of signals intercept collection and analysis. The Snowden leaks detail instances of “bulk collection” and other types of whole-scale metadata gathering that much like some types of mass surveillance violate the right to privacy and presumption of innocence in most democracies. The IGIS report actually mentions metadata collection, albeit without specifics. It is therefore possible that the foreign intelligence partner took advantage of NZ’s looser oversight and legal control regime in order to do what it could not do at home.

One positive discovery by the ISIG was that as far as he could tell the “capability” was not used on NZ citizens or permanent residents. That reinforces the notion that the targets of the “capability” were foreign as well, military or not. Again, Snowden’s leaks alluded to this.

When the 2017 Intelligence and Security Act was promulgated, which superseded previous legislation like the 2003 GCSB Act and brought various legal artefacts into one body of legislation, things appear to have begun to tighten when it comes to internal oversight mechanisms within the GCSB and the SIS. Former GCSB Acting Associate Director General (and later SIS Director General) Rebecca Kitteridge and former Inspector General of Intelligence and Security Cheryl Gwynn were instrumental in this regard and met concerted resistance from the “old boys” ranks within both agencies. Although they resisted so-called “bureaucratic capture” by spy agency “old boys” institutional inertia was great and it ran against them. They made significant inroads when it came to reforming institutional culture and practices, but much more remains to be done.

Here the troubling aspect is also double-sided. One the one hand the culture of impunity within these agencies continues to exist, even if in diluted form. The IGIS had great difficulty obtaining records, documents and truthful statements about and from those involved with the 2013-20 “capability.” Even after leaving the GCSB, some claimed to not recall its existence even though they were directly involved with it. This indicates that they are more loyal to each other and their foreign partners than to the governments of the day and the people who paid their salaries when in government service. Wellington, there is a problem.

The second difficulty is that for all the tightening of internal oversight mechanisms, there still is no effective external oversight of the NZ intelligence community, and particularly of operational agencies like the GCSB and SIS. The parliamentary committee on Intelligence and Security remains a toothless gab-fest with no powers of compulsion under oath or any other other form of disciplinary enforcement powers levied on intelligence agencies for a lack of institutional candor or cooperation. Legal punishments for these agencies for breaking the law are limited to small fines and no personal punishments. That means that the bureaucratic culture of impunity within some elements of the intelligence community is rewarded rather than constrained because, quite frankly, agency personnel can get way with things that the rest of us cannot because they are the so-called “keepers of the secrets.”

As things stand, as far as the IGIS report mentions none of those responsible for managing the “capability” have been held to account or disciplined in any way. The suggested agency reforms proposed by the IGIS, all accepted by the GCSB, do not address the issue of individuals discipline or accountability. It seems that impunity is its own reward.

This extends to their incompetence. One of the provisions of the Royal Commission on the Christchurch terrorist attacks was that no one within the intelligence and security communities would be held responsible for failures of a personal or institutional nature. This was supposedly done to encourage people to talk freely about what was and was not known in the lead-up to the attacks, but instead what resulted was a highly sanitised whitewash of bureaucratic and personal responsibility for the intelligence failures that facilitated the carrying out of one of NZ’s worse mass killings in modern times.

In effect, the story about this foreign intelligence “capability” secretly operated from within the GCSB is one about violation of basic principles of democratic oversight of intelligence agencies, of an abdication of sovereignty to a foreign power when it comes to intelligence collection and analysis, and above all, of an ongoing culture of impunity within NZ intelligence agencies that do not appear to have learned the right lessons from the Zaoui, Dotcom or March 15 cases when it comes to behaving ethically and taking responsibility for the actions or inactions taken on their watch.

Which begs the question: in spite of all the post 2017 tightening of internal oversight mechanisms, will it be a matter of when not if before history repeats when it comes to an intelligence agency scandal?

The rot at the top.

Posted on by
24

When military leaders cover up and lie to elected civilian authorities, the foundation of democratic civil-military relations is undermined because it is those authorities who are entrusted to hold the military accountable to the public that they mutually serve. But this is only true if civilian political authorities take their responsibilities seriously and accept that when it comes to military operations the policy buck stops with them.

The same is true for intelligence agencies in democracies. While specific operational details remain within the agencies involved, the general policy guidelines for how they conduct those operations, and the responsibility for them, rests with a) the legal framework governing their activities and b) the elected civilian governments that are their overseers at any given point in time. For both the military and intelligence community, this means exchanging corporate or institutional autonomy-that, is, the ability to set internal standards, practices and objectives free from political interference–in return for submission to civilian political authority on broad matters of policy and accountability.

In recent weeks we have discovered, thanks to the Inspector General of Intelligence and Security’s report on NZ involvement in the CIA-operated extraordinary rendition/black site/torture program, that the NZSIS and GCSB received and supplied information that was directly linked to detainees who were subject to torture by the US and other allies in the coalition fighting al-Qaeda and the Taliban. The directors of these agencies at the time claim that their agencies did not know about the program even though they worked hand-in-glove with the CIA in Afghanistan and elsewhere and even though knowledge of the extraordinary rendition/black site program and the use of torture was in the public domain as early as 2004. From what is described in the IGIS report, it appears that NZ intelligence bosses had their own version of “don’t ask, don’t tell” when it comes to what the US was up to. As Richard Woods, former NZSIS director general, is quoted as saying in the IGIS report (I paraphrase here), “do you really expect us to ask the US directly about such things and risk our relationships with it?”

When confronted about this discrepancy by the IGIS the former directors maintained the high-ranking government ministers of the day were privy to all of the sensitive information regarding NZ’s intelligence relationships and that as agency directors they had no authority to engage in moral, ethical or legal judgements about what their allies were doing even if these actions violated NZ and international law–all while maintaining that they knew nothing about unmarked airplanes, black sites, torture and suspects being captured (including by the SAS) and then “disappeared” into the covert operations labyrinth.

That broaches the question as to whether former directors Richard Woods and Warren Tucker are simply lying (former GCSB chief Bruce Ferguson was a late arrival to the events under investigation and inherited his situation from Tucker) and prefer to put NZ intelligence relationships with the CIA ahead of their supposed duties to the NZ government and nation as a whole. Or, did the governments of the day, led by Helen Clark and John Key, know about the extraordinary rendition/black site/torture program and authorised and covered up NZ participation in it? It should be noted that Barack Obama ended the extraordinary rendition/black site/torture program shortly after he assumed presidential office in January 2009, so the bulk of NZ’s involvement with it happened under the 5th Labour government.

With regards to the NZDF, thanks to the book “Hit and Run” by Jon Stephenson with Nicky Hager and the ensuing Royal Commission of Inquiry into Operation Burnham (the subject of the book), we now know that the military brass did not inform (at best) or mislead (at worst) senior government officials about the possibility of civilian deaths in that mission until news of it became public (again, mostly thanks to the work of Mr. Stephenson in his series on NZSAS activities in Afghanistan). The NZDF story constantly changed as more was revealed, and the Inquiry has now found out that a critical NZDF document recognising the possibility of civilian deaths was “lost” in a secure safe for three years and that a register of who opened and closed that safe during that time frame somehow went undiscovered until this week. Former ministers in the Key government, which was in office when the mission was conducted, maintain that they were unaware of the existence of anything that would contradict the original NZDF version of events, which claimed that only “terrorists” were killed.

That raises a profoundly disturbing possibility whichever way the truth falls in each case. On the one hand, it would appear that senior NZ intelligence and military officials do not inform and in fact cover up controversial operations that occur under their watch. The civilian authorities to whom they ostensibly answer to in the division of labour that constitutes the foundations of democratic civil-military/intelligence relations are deliberately left in the dark. This suggests a level of arrogance and sense of imperiousness that is inimical to democratic governance because there is no regard for personal or institutional accountability embedded in their decision-making. They simply do as they see fit and lie about it afterwards.

On the other hand, it is possible that military and intelligence officials respect the concept of civilian political authority and inform governments of the day of everything that they are doing, including when things go wrong or unpleasant compromises are made in the interest of national security. This can be considered to be a variant of the “no surprises” policy in which governments are informed apriori of controversial decisions so as to not be caught off-balance when said decisions become news. If that is the case, then political managers shoulder responsibility for the policy decisions under which the NZ intelligence community and NZDF operate, including taking the blame when things go wrong or uncomfortable facts are revealed about what NZ security forces are doing at home and abroad.

However, it appears that in NZ there is not only a variant of “don’t ask, don’t tell” operating in the intelligence community, but it is attached to a civilian political management approach whose operating premise is “don’t want to know.” That is, civilian political authorities display willful ignorance in an effort to maintain plausible deniability when things go wrong or prove politically fraught. That may be expedient over the short term but abdicates responsibility when it comes to civilian oversight of the military and intelligence community, thereby tacitly encouraging military and spy agency impunity during and after (often lethal) operations.

Coverage of the Royal Commission on Inquiry into Operation Burnham has focused on the supposed incompetence of senior NZDF officers when it came to document security and disclosure. “Incompetence” is the most generous interpretation of what was at play here. “Conspiracy based on deliberate and coordinated lies and misrepresentations authorised from the top” is an alternative interpretation. The questions now are: which of these two interpretations seems more plausible and will anyone be held to real account in any event? Surely, if the government of the day was deliberately lied to or mislead by the NZDF and was not complicit in the coverup, then there is criminal liability involved.

The same goes for the intelligence agency chiefs who say they did not know what their subordinates were doing during the years in which the CIA-operated extraordinary rendition/black site/torture program was running. If they lied to their political masters about what they knew, then there should be consequences for that even if it has taken time to uncover their deception. If the political authorities at the time knew about NZ intelligence community involvement in the program, that should become a matter of public record even if little can be done in terms of retroactively applying punitive sanctions on their behaviour..

Not to put too fine a cynical point on it, but perhaps there is another hand at play in both instances. The IGIS report on NZ involvement with the CIA extraordinary rendition/black site/torture program speaks at length about managerial misadventure in the NZSIS and GCSB and even “naivety” in the discharge of their duties (when was the last time anyone ever heard the word “naive” associated with spy agencies?). The Inquiry into Operation Burnham has heard about “mistakes” and “oversights” on the part of NZDF senior leaders. It would seem that the common denominator in both is incompetence rather than wilful or deliberate circumvention of ethical norms, legal obligations and constitutional responsibilities.

Could it be that “incompetence” is the ultimate “get out of jail” card for public servants found to have failed in the discharge of their basic obligations and responsibilities?

Cyber-hacking comes to Aotearoa.*

Posted on by
Reply

The Government Security Communications Bureau (GCSB) has announced that Chinese hackers were responsible for cyber intrusions against New Zealand managed service providers (MSPs), the telecommunications firms responsible for providing phone, email and internet services and data banking to individual, public agency and corporate consumers. This is surprising only because it confirms what private security analysts and partner intelligence services have been claiming for some time: that the Chinese are engaged in a global campaign of cyber theft of commercial secrets and intellectual property. They do so as part of a strategy to become the world’s dominant information and telecommunications player within 50 years, and they do so by using ostensibly private firms as cover for hacking activities directed by the Chinese Ministry of State Security (MSS).

The GCSB announcement coincided with indictment by the US Justice Department of two Chinese nationals who have been identified as belonging to the Advanced Persistent Threat (APT)-10 Group of MSS hackers operating under the cover of a Chinese-registered firm, Tianjing Huaying Haitai Science and Technology Development Company Ltd. (Huaying Haitai). Huaying Haitai claims to provide network security construction and product development services but has only two registered shareholders, one manager and no web presence (the domain name huayinghaitai.com is registered to the firm but cannot be found on-line, which is particularly odd for an internet security provider). The US has publicly identified Huaying Haitai as the corporate front for ATP-10, and the GCSB has confirmed that ATP-10 was responsible for the New Zealand-targeted cyber intrusions it has detected since early 2017.

The UK simultaneously announced that Chinese hackers had conducted a decade long-campaign of cyber-theft against British commercial entities, while the US identified 75 US-based targets as well as others in 12 other countries (excluding New Zealand). The GCSB announcement is therefore part of a coordinated effort by Western governments to identify Chinese-based cyber-theft campaigns, and follows on similar Australian revelations announced during the 2018 APEC summit a month ago.

The ATP-10 cyber-hacking campaign violates the terms of a 2016 APEC agreement signed by China (and New Zealand) committing member states to not use cyber hacking in order to engage in commercial espionage or intellectual property theft. It violates similar pacts signed with the US and UK in 2015. This means that China is deliberately violating international agreements for commercial gain. It also makes all Chinese-based telecommunications suspect, both in terms of their purported use of so-called digital backdoors built into their products that can be used by Chinese intelligence as well as their duplicitous corporate behaviour when it comes to proprietary information. In effect, Chinese telecommunications are seen as bad corporate actors as well as intelligence fronts by Western countries. This has caused firms such as ZTE and Huawei being excluded from critical infrastructure projects and 5G network upgrades in a number of countries, including, most recently, New Zealand.

The GCSB announcement refers to Chinese hacking in pursuit of cyber theft of sensitive commercial and intellectual property. It does not mention specific targets or refer to cyber-espionage per se.Yet the two are overlapped because of the nature of the targets and means by which they attacked. ATP-10 hacking attacks are aimed at Managed Services Providers (MSPs) who store data for individuals, public agencies and firms. These include large multinational email, internet and phone service providers as well as smaller cloud-based data storage firms.

If ATP-10 and other hackers can penetrate the security defenses of MSPs they can potentially bulk collect, then data mine whatever is digitally stored in the targeted archives. Although the primary interest is commercial in nature, the overlapping nature of data networks, especially in a small country like New Zealand, potentially gives ATP-10 and similar hacking groups access to non-commercial political, diplomatic and military networks.

For example, a home computer or private phone that has been compromised by a cyber hack on a internet service provider (ISP) can become, via the exchange of information between personal and work devices, an unwitting entry point to work networks in the private and public sectors that are not connected to the individual’s ISP. This raises the possibility of incidental or secondary data collection by hackers, which in the case of state organized outfits like ATP-10 may be of as much utility as are the commercial data being targeted in the first instance.

The dilemma posed by the GCSBs announcement is two-fold. First, will the government follow the GCSB lead and denounce the behaviour or will it downplay the severity of the international norms violations and intrusion on sovereignty that the ATP-10 hacking campaign represents? If it does, it sets up a possible diplomatic confrontation with the PRC. If it does not, it exposes a rift between the GCSB and the government when it comes to Chinese misbehaviour.

Neither scenario is welcome but one thing is certain: no response will stop Chinese cyber hacking because it is part of a long-term strategy aimed at achieving global information and telecommunications dominance within fifty years. But one response will certainly encourage it.

  • An earlier version of this essay appears on the Radio New Zealand website, December 21, 2018 (https://www.radionz.co.nz/news/on-the-inside/378835/cyber-hacking-comes-to-aotearoa).

Cherry picking on Chinese influence.

Posted on by
26

Concern about Chinese influence operations in Western democracies has increased over the last few years, including here in NZ. The concern stems from the fact that, although not espionage or intelligence gathering per se, such operations–which involve money spent on individuals and organisations, establishment of pro-China fronts and media outlets, and placement of individuals linked to or controlled by the Chinese Communist Party in positions of corporate and political importance–corrupt Western democratic systems and undermine the political, social and economic values that underpin them.

The impact of Chinese influence operations has been the subject of considerable discussion in Australia, to the point that politicians have been forced to resign because of undisclosed ties to Chinese interests and intelligence agencies have advised against doing business with certain Chinese-backed agencies. As usual, the NZ political class and corporate media were slow to react to pointed warnings that similar activities were happening here (people may remember my essay on a Chinese fifth column from a few years ago). It was not until Canterbury University academic Anne Marie Brady published an essay last year on so-called Chinese “magic weapons” that the extent of Chinese influence in the local political and corporate worlds was revealed and became a matter of public interest.

It is significant that Brady’s work was first published in the US for a think tank focused on Chinese international affairs, and her first public exposure happened in Australia at a parliamentary committee hearing. That is because, unlike the US and Australia, NZ politicians are not particularly interested in digging into the nature and extent of Chinese influence on the party system and government policy. This, in spite of the “outing” of a former Chinese military intelligence instructor and academic as a National MP and the presence of well-heeled Chinese amongst the donor ranks of both National and Labour, the close association of operatives from both parties with Chinese interests, and the placement of well-known and influential NZers such as Don Brash and Jenny Shipley in comfortable sinecures on Chinese linked boards, trusts and companies.

As I have written before, there is enough to this pattern of behaviour to warrant scrutiny from NZ intelligence agencies and the police. But we also need to put Chinese influence operations in perspective. How are the Chinese any different than the Indians or Polynesian groups when it comes to infiltrating political parties, other than the amount of money available to them? How are these influence operations substantially different than those of other governments such as the US, which funds an array of scholarships, visitor programs, parliamentary delegation junkets and the like? How are Chinese backing of friendship and solidarity groups different than those backed by other foreign governments? How is Chinese corporate fund raising, “fact-finding” and conference travel and other ear-bending efforts any different than the lobbying of corporations, business associations, advocacy groups, etc.?

The answer seems to be that the Chinese are authoritarian, have lots of money to spend on making friends and influencing people and do so in a clearly transactional fashion, much as they do via their chequebook policy in the South Pacific. The implication is that they engage in corrupt practices when necessary and will not adhere to the strictures of democratic governance other than as lip service when it comes to pursuing their interests. Since NZ is, in essence, just another Pacific Island nation, why should this come as a surprise? In fact, the more interesting issue is why, fully knowing that the Chinese are using influence operations for purposes of State that go beyond international friendship or business ties, do so many prominent New Zealanders accept their money and/or positions on front organisations? Is the problem not so much what the Chinese do as as a rising great power trying to enlarge its sphere of influence as it is the willingness of so-called honourable Kiwis to prostitute themselves for the Chinese cause?

Last week the beat up on Chinese influence in NZ took a strange twist. At a US-China Economic and Security Review Commission (USCESRC) hearing, an ex-CIA analyst said that the Chinese had penetrated the “political core” of the country and that in light of that the US should reconsider keeping NZ in the Five Eyes signals intelligence sharing network.

The absurdity of these remarks needs to be deconstructed, not only for what was said but for what was not said. Let it also be noted that although nominally a bipartisan agency of the US Congress, the USCESRC has increasingly become a China-bashing forum, something that has been accentuated under the leadership of Senate Majority Leader Mitch McConnell (who oversees Commission appointments) and President Trump. This also matters because the witnesses called to testify before USCESRC are often cherry picked for their views on matters of US-China relations.

In his case the ex-CIA analyst rightly pointed out that, in contrast to the US and Australia, the NZ political elite were blasé about the extent of Chinese influence in local politics. But he took a step too far, downplaying the record of the previous National government and criticising the new Labour government for casting a blind eye on pernicious Chinese influence within its ranks (the only mention of National was a reference to the Jian Yang case). He then jumped the shark by recommending that the US and other 5 Eyes partners reconsider NZ’s membership in the signals intelligence sharing partnership.

Let’s be very clear: for the previous nine years National was in power, the deepening of Chinese influence was abided, if not encouraged by a Key government obsessed with trade ties and filling the coffers of its agrarian export voting base. It was National that ignored the early warnings of Chinese machinations in the political system and corporate networks, and it was Chinese money that flowed most copiously to National and its candidates. It is not an exaggeration to say that Chinese interests prefer National over Labour and have and continue to reward National for its obsequiousness when it comes to promoting policies friendly to Chinese economic interests. In fact, it is National that had a Minister, in the person of Judith Collins, attempt to use her position and manipulate the NZ ambassador to China into pushing her husband’s dodgy Chinese-backed business.

All political parties protest that they strictly adhere to campaign finance law and on paper they clearly do. But the whiff of dark money, dirty politics and other forms of unacknowledged influence trading has long clung to National in a measure not shared with its opponents. Put succinctly, contrary to what the the ex CIA analyst intimated, the influence of Chinese interests has been strongest when National is in government. And it is not just the Chinese who have availed themselves of the favourable climate operative during National’s tenure.

Not that National is solely to blame when it comes to trading favours. Labour clearly has consorted with some unsavoury Chinese donors and it remains to be seen if it will be any different than National now that it is out of the wilderness and back into government. But if foreign penetration of the “political core” is such a concern, it is surprising that no serious mention has made either at home or abroad of Winston Peters’ ties to Russia via the horse industry and beyond. In fact, when one looks at Peters’s links to an assortment of industries and interests, it is not just foreigners who appear to have an inside track on his thinking. Even so, the notion of a “political core” being compromised assumes that a whole array of constituent groups, from unions to manufacturers to iwi, are in the pockets of the Chinese no matter who is in government. Perhaps they are, but if so, I have not heard about it.

Labour may have the likes of Raymond Ho in its ranks and some dubious Chinese businessmen among its supporters, but it comes nowhere close to National when it comes to sucking up to the Chinese. That is why Jian Yang is still an MP, and that is why we will never hear a peep from the Tories about the dark side of Chinese influence operations. For its part, Labour would be well-advised to see the writing on the wall now that the issue of Chinese “soft” subversion has become a focal point for Western democracies. After all, Chinese influence operations that work to subvert basic value structures do so against a backdrop of aggressive Chinese cyber attacks and intelligence gathering in the countries in which influence operations are most prominent, NZ included.

But that is also why the recommendation that NZ be excluded from 5 Eyes is ridiculous. First, because for all of the talk about counter-terrorism, the bulk of counter-intelligence efforts by NZ (through the SIS and GCSB) and its 5 Eyes partners are directed at state actors, China in particular. Even if the NZ political elite were totally compromised by the Chinese, the security bureaucracies would insulate their operations from political interference and would likely work with the Police to demonstrate when and where politicians were acting on behalf of Chinese rather than NZ interests. It is the NZ intelligence community (NZIC), more than anyone else, who know the full extent of Chinese activities in the country, and the NZ intelligence community is fully ensconced in Anglo-centric democratic intelligence networks. It is therefore not likely that the NZIC would overlook the type of Chinese influence operations that result in capture of NZ’s “political core.”

Secondly, getting thrown out of 5 Eyes is not simply a matter of being told to take one’s toys and go home. The equipment at the listening posts at Waihopai and Tangimoana and at GCSB headquarters in Wellington is acutely sensitive and there are numerous citizens of partner countries working at those installations. Dismantling and removing equipment, files, archives and other sensitive material from such facilities will be time consuming, diplomatically fraught and operationally vulnerable, especially when it is well known that the Chinese, foremost amongst others, are extremely interested in them.  Institutional history, to include linkages with 5 Eyes partners and broader security networks, would have to be purged in order to avoid it falling into adversary hands. So getting kicked out of 5 Eyes involves much more than a rebuke, and, given NZ’s taskings within the 5 Eyes network, it is precisely the Chinese who will benefit the most from the expulsion.

If the US and other 5 Eyes partners are as worried about NZ being compromised by the Chinese as the ex-CIA analyst suggests that they are, a message of concern would have been sent to the NZ government in at least three ways: via diplomatic communications from the US embassy (which undoubtably has sent reports back to the State Department about the prevalence and impact of Chinese influence operations and intelligence gathering in NZ); by a diminishing of intelligence feeds from those partners in an obvious fashion; and by direct communication between the intelligence chiefs involved. This could well have been the purpose of the visit by the US Director of Intelligence to NZ a few weeks ago and if so, the gravity of the concerns have now been made clear to the Ardern government. However, the PM as well as the Opposition leader have both said that nothing has been brought to their attention that causes them to believe that NZ’s political system has been compromised by Chinese agents.

Given my antipathy towards authoritarians, I hold no particular affection for the PRC. But I do recognise that it does so as a maturing great power and accept that its behaviour is not going to change any time soon unless action is taken to circumscribe its activities in the West–a problem for societies founded on notions of freedom of association, movement and speech (including of opinion and the press). Because these rights are seen as Achilles Heels to be exploited by authoritarian rivals such as China and Russia, it should be expected that they will continue to be used as avenues of exploitation by them (as has been well demonstrated in the US).

What I deplore the most, though, is attacks on left-leaning governments (such as they are) like the current Labour government in NZ for supposedly going soft on Chinese influence pandering when in fact it has been right-leaning governments, not only in NZ but elsewhere, that have most assiduously courted Chinese investment and better diplomatic ties in spite of the PRC’s authoritarian character and dubious record when it comes to human rights and adherence to international conventions. For the NZ media to pick up and bang this hammer when it is part of an orchestrated attack on the Chinese by the US doing so for geopolitical reasons of its own demonstrates how shallow and uncritical reporting has become in Aotearoa. The issue is serious, which is precisely why it should not be subject to partisan manipulation or, ironically, pressure from allied states.

So yes, NZ has a problem with Chinese influence operations on its soil, particularly the willingness of NZers to serve Chinese interests for a handful of coin. But no, it is not just the fault of Labour and no, it is not as bad as has been alleged by the ex-CIA analyst. Nor is what the Chinese do in terms of influence mongering that dissimilar to what many other entities do when pushing their message in the NZ political system.  So let us take better notice of the phenomenon and address it for what it is without succumbing to the apocalyptic diatribes of people whose concern about Chinese influence operations has  less to do with the particularities of NZ and more to do with the broader strategic competition that sees China on the rise and the US in decline.

BONUS LISTEN: Here is an interview done on RNZ by the ex CIA analyst in question. Readers can form their own opinions as to whether he sounds like an authoritative and credible source for the claims he has made: https://www.radionz.co.nz/national/programmes/morningreport/audio/2018646774/ex-cia-analyst-admits-trump-irony-in-china-influence-warning

On intelligence oversight, a broader perspective.

Posted on by
36

The announcement that the Inspector General of Intelligence and Security (IGIS), Cheryl Gwyn, has convened an external Reference Group to discuss issues of intelligence agency oversight (specifically, that of the NZSIS and GCSB, which are the agencies under her purview) has been met with applause and controversy. The applause stems from the fact the Group is a continuation of her efforts to strengthen the oversight mechanisms governing New Zealand’s two most important intelligence collection and analysis agencies. The controversy is due to some of the persons who have accepted invitations to participate in the Group.

The Group is an unpaid, non-partisan collection of people with interest, expertise and/or background in matters broadly related to intelligence and security and their oversight. None are government employees, something that gives them freedom to speak frankly under the Chatham House rules established by the IGIS. The Group is a supplement to and not a rival of or substitute for the IGIS Advisory Panel, made up of two people with security clearances that have access to classified material and who can offer specific assistance on matters of operational concern. However, the Advisory Panel has had no members since October 2016.

The idea behind the Reference Group, which is modelled on a Dutch intelligence oversight counterpart, is to think laterally or “outside of the box” on matters relevant to intelligence oversight. Bringing together people from different backgrounds and perspectives allows Group discussions to gravitate towards areas of common concern, thereby eliminating personal agendas or extreme positions. And because the Group is made up of outsiders, it does not run the risk of becoming slave to the groupthink of agency insiders.

In contrast to the Advisory Panel, the Reference Group does not handle classified material nor discuss operational matters. Access to classified material or operational details is obviated by the fact that the Group’s focus is on the broad themes of accountability, transparency, organizational compliance and the balance between civil liberties (particularly the right to privacy) and the defense of national security as conducted by the lead intelligence agencies. These are matters of legality and propriety rather than operational conduct. And while similarly important, legality and propriety are not synonymous. Often what is legal is not proper and vice versa, and this is acutely the case when it comes to intelligence collection, analysis and usage. Since the IGIS does not oversea the NZDF and smaller intelligence “shops” such as those of the DPMC, Police, Immigration and Customs, the Group will only discuss issues relevant to oversight  of the NZSIS and GCSB.

Who are the members of the Group and why the controversy? The plurality of members are four public interest lawyers, three of them academicians and one an advocate for refugees. Two members are journalists. One is the Issue Manager for Internet NZ, one is the head of the NZ Council for Civil Liberties, one is a former Russian diplomat now serving as the Director of the Massey University Centre for Defense and Strategic Studies (CDSS), one is an economist who chairs Transparency International New Zealand and one is a private sector geopolitical and strategic analysis consultant.

Concern has been voiced about the presence of both journalists as well as the refugee advocate and the loyalties of the former Russian diplomat (although he has held positions at a US security institution as well as the NZDF-funded CDSS). The thrust of the contrary views about these and some of the other participants is that they are untrustworthy due to their personal backgrounds, professional affiliations and/or ideological orientations. An additional reason given for opposing some of the membership is that they have been strong critics of the SIS and GCSB and therefore should be disqualified a priori.

Others believe that the Group is just a whitewashing, window-dressing or co-optation device designed to neuter previous critics by bringing them “into the tent” and subjecting them to “bureaucratic capture” (whereby the logic of the agencies being overseen eventually becomes the logic accepted by the overseers or Reference Group interlocutors).

The best way to allay these concerns is to consider the IGIS Reference Group is as an external focus group akin to a Town Hall meeting convened by policy-makers. Communities are made of people of many persuasions and many viewpoints, and the best way to canvass their opinions on a broad range of subjects is to bring them together in a common forum where they can debate freely the merits of any particular issue.  In the case of the Reference Group the issue of intelligence agency oversight and, more specifically, matters of institutional and individual accountability (both horizontal and vertical, that is, vis a vis other government agencies such as the judiciary and parliament, on the one hand, and vis a vis the government and public on the other); transparency within the limits imposed by national security concerns; and the juggling of what is legal and what is proper, are all set against the backdrop of respect for civil liberties inherent in a liberal democracy. These are complex subjects not taken lightly by those involved, all of whom have track records of involvement in the field and who, given the terms of reference and charter of the Group, are acting out of a sense of civic duty rather than for pecuniary or personal gain.

The IGIS does not need political or agency authorisation to construct such a Group, which has no statutory authority or bureaucratic presence. As a vehicle for interest intermediation on the subject of intelligence oversight, it serves as a sounding board not for the IGIS but for the people on it. In that light, the IGIS has called the Group’s discussion a “one-way street” where participants air their informed opinions about agenda items agreed to in advance and in which the IGIS serves as a discussion moderator and takes from it what she finds useful. Expected to meet two or three times a year over tea and coffee, the Group is not likely to tax the Treasury purse and could well deliver value for dollar in any event.

Critics of this exercise and other forms of interest intermediation or external consultation betray their closet authoritarianism because such concertative vehicles are mainstays of policy-making in advanced liberal democracies. Be it the tripartite wage negotiation structures bringing representatives of the State, labour and capital together (even at the regional or local level), to consultative boards and other social partnership vehicles that connect stakeholders and decision-makers in distinct policy areas, the use of interest intermediation is an integral feature of modern democratic regimes (for an example of the breadth of issues addressed by intermediation vehicles, see Kate Nicholls, Mediating Policy: Greece, Ireland and Portugal before the Eurozone Crisis. London: Routledge, 2015.). To argue against them because of who is represented or because they are seen as inefficient talkfests that are a waste of taxpayer money is just a cloak for a desire to silence broad public input and dissenting views in the formulation of public policy. That may have been the case under the previous government but no longer is the case now.

One of the thorniest problems in a democracy is the question of what system of checks and balances keeps the intelligence community proper as well as legal. As the most intrusive and sensitive of State activities, intelligence collection, analysis and usage must be free from reproach on a number of grounds—conflicts of interest, partisan bias, foreign control, illicit activity or criminal behaviour, etc.—and must be accountable and responsive to the public will. The broadening of consultation intermediators between the NZ intelligence community and the public is therefore a step in the right direction, and for that reason the Reference Group is a welcome contribution to the oversight authority vested in the IGIS.

References: http://www.igis.govt.nz/media-releases/announcements/establishment-of-igis-reference-group/

http://www.igis.govt.nz/media-releases/announcements/reference-group/

Disclosure: The author is a member of the Reference Group. The views expressed are his own.

Something Fundamentally Wrong.

Posted on by
5

In last Monday’s press briefing, the Prime Minister took my name in vain. Responding to questions from a reporter I had talked to, he said that my concerns about the apparent illegality of undercover intelligence operations were “fundamentally wrong.” Instead, he said that although intelligence agencies could not break laws (tell that to Kim Dotcom), they might require “different laws.”

I beg to differ.

Before delving deeper, let’s address the PM’s remark about the need for “different laws” governing undercover intelligence operations. What does he mean by “different?” Is he proposing that there be one set of laws for regular citizens and another set of laws governing undercover intelligence work? How does that sit with the “equal rights under the law” premise that is at the heart of democratic jurisprudence? And if there is no provision for “different laws” governing undercover intelligence operations today, then what is there in extant law that makes otherwise illegal acts legal? How often and under what circumstances are these illegal-but-legal acts allowed and are they only allowed or legal under warrant? Something tells me that the answers to the last two questions are “frequently and routine” and “no” respectively.

The question about undercover intelligence operations was raised because during the course of conversations with a couple of reporters about the Intelligence Review in general, I pointed out that the most interesting items were buried at the back of the report. Reporters tend to read the executive summaries of official government documents but seldom have the time or inclination to read through 179 pages of dense prose and legal jargon.

But since I have the time and inclination, I did. Plus, in my former life as a US government official I actually helped draft such reports so know that the best way of reading them is from back to front. That way one can get to the meat of the report, often found in annexes, before wading through the fluff.

I should point out that my overall take on the report is this: given who was on the Review committee, the report was inevitably going to have a bias towards institutional continuity and incrementalism with regard to reforms. That is indeed what happened. The report reflects as much if not more of the spy agencies’ concerns than it does that of external parties or stakeholders like the civil society organisations and individuals that were consulted by the Committee. The result is bound to be disappointing to those who wanted a major overhaul of the intelligence community or wanted parts of it disbanded altogether, such as the Greens, but to my mind it is a small but acceptable step towards greater transparency and accountability in the NZ intelligence community and its main collection agencies, the GCSB and SIS.

Even so, there are several problematic areas in the report that are worth considering, and here I will focus on the undercover operations that the PM thinks I have interpreted so fundamentally wrong. Rather than present my views without context, here are (cut and pasted) the recommendations regarding undercover operations as listed in the Report:

163 Annex C: Full list of recommendations (abridged).

Cover for operations and employees

78.The legislation should explicitly provide for the Agencies to obtain, create and use any identification information necessary for the purpose of maintaining the secret nature of their authorised activities. This should include the ability to create cover for anyone authorised to undertake activity for the Agencies.

79. “Identity information” should include anything that could be used to establish identity – such as credit cards and shell companies in additional to traditional forms of identification (such as passports and driver licences).

80. The Agencies should also have the ability to obtain, create and use identification information necessary to keep the identity of their employees confidential.

81. The use of these powers should be covered by a tier 3 authorisation (policy statement) to ensure they are exercised only where necessary and proportionate.

82. There should be corresponding immunities from civil and criminal liability for reasonable acts done in good faith to create or maintain cover as part of an authorised operation or to keep the fact of a person’s employment with the NZSIS or GCSB secret.

Immunities.

83. These powers and immunities should be incorporated through general provisions in the legislation governing the Agencies, rather than by inserting specific exceptions in other legislation as is currently the case.

84. The same immunities should apply to both agencies, in line with our recommendations that the Agencies share functions and an authorisation regime.

85. Immunities should also apply to anyone required to assist the Agencies, such as telecommunications companies, or to human sources or agents acting at the Agencies’ request or direction.

86. The legislation should provide that no person should be subject to criminal liability for acts carried out in good faith and in a reasonable manner that are necessary to give effect to a tier 1 or tier 2 authorisation.

87. Employees of the Agencies should also have immunity from criminal liability for acts carried out in good faith, in a reasonable manner and in accordance with the purposes of the Act to obtain a tier 1 or tier 2 authorisation.

88. The immunities for employees of the Agencies should also extend to any relevant minor offences or infringements that may need to be committed in the course of investigations carried out under a tier 3 authorisation (such as breaches of road user rules).

89. Employees of the Agencies and any person acting at the request or direction of the Agencies should be protected from civil liability for acts or omissions in good faith in the pursuance or intended pursuance of the Agencies’ duties, functions or powers. This is the same protection as is provided to public sector employees under the State Sector Act 1988.

90. Where the GCSB or NZSIS is assisting another agency to perform its functions, any immunities that apply to the agency being assisted should also apply to the GCSB and/or NZSIS.

 

Readers can form their own conclusions about what these recommendations imply. But here are some thoughts. It appears that undercover operations conducted by the SIS (and to a lesser extent the GCSB) do not have specific legal cover as things currently stand. There are no provisions in the SIS or GCSB Acts that explicitly refer to a legal framework under which otherwise criminal acts undertaken by undercover intelligence agents may occur. That means, in effect, that until now undercover intelligence operations are essentially illegal except for the fact that they are conducted by agents of the State at its behest under exceptions to existing legislation (outside of the GCSB and SIS Acts or even the State Sector Act). But even then there is apparently nothing in the law that explicitly authorises undercover intelligence operations that otherwise would be criminal acts (say, burglary, forgery or credit fraud). Yet the recommendations speak directly to such acts so clearly they have been happening.

The problem is not just that SIS agents have no specific legal cover for what they do covertly, something that individually places them at considerable risk in the event that they are caught or detected. There also are no specific provisions on what they cannot do. Where is the line drawn as to what is permissible when acting as an undercover agent of the State. Murder? Arson? Extortion? Blackmail? Kidnapping? Credit card fraud? Money laundering? Burglary? Home invasions? Tail-gating? (I include this because recommendation 88 specifically mentions breaches of road user rules). If an agent is recklessly tail-gating a surveillance target and wrecks while doing so, killing or injuring passerby, is that agent immune from prosecution or liability because s/he was in the service of the State?

These questions are not frivolous. From my personal experience, I know that among other things covert or undercover agents are taught how to pick locks and conduct “traceless” break-ins and burglaries (they are even provided with the tools to do so). Cyber-hacking to install malware or to steal sensitive information is a stock in trade of signals intelligence agencies. Clandestine surveillance of all sorts is the bread and butter of most human intelligence agencies. The CIA has its own lethal drone program and paramilitary branch, as do several other spy agencies. The Mossad is, among many other things, a brutally efficient assassination machine. So where does one draw the line when it comes to otherwise criminal acts carried out by intelligence agents of the NZ state?

The recommendations repeatedly speak about acting in “good faith.” But how is “good faith” defined? The SIS agents who broke into activist Aziz Chowdry’s home in 1996 were probably acting in “good faith” when they committed what otherwise would be a crime, but how is it that stealing documents from activists is justified on national security grounds? Moreover, the person who caught the SIS agents in the act of breaking and entering, David Small, had his home raided, ostensibly to search for bomb-making materials, by the Police a week later, after making the initial complaint (he was able to record the SIS get away car’s registration plate number, which was traced back to an SIS front company). How was the raid on Dr. Small done in “good faith” and at whose behest? The government was eventually forced to settle with Mr. Chowdry for a six figure amount and, worse yet, forced to apologise to him for the break in (you can read a summary of the case here).

Dr. Small also received compensation for “unreasonable search.” If we accept that an apology implies recognition of wrong doing and that “unreasonable searches” may be part of the SIS repertoire, then how and where does “good faith” come into the picture? Add to that events such as SIS break-ins at Auckland University in the late 1990s (if I am not mistaken Jane Kelsey’s office was a target), and one gets the idea that the SIS engages in otherwise illegal acts not so much for national security reasons but because it simply can under a de facto “good faith” immunity clause. So the effect of the current recommendations would be to codify what is already informal usage and practice.

The issue of “good faith” extends beyond New Zealand’s borders. Inspector General of Intelligence and Security Cheryl Gwyn is currently investigating whether the SIS was complicit in the CIA extraordinary rendition and black site program. For those unaware of these, the program involved kidnapping or detaining suspected Islamic extremists and “rendering” them to clandestine detention centres in a number of countries (Poland, Thailand and Egypt, among others). There they were subject to euphemistically labeled “enhanced” interrogation techniques (some of which are more properly classified as torture). Although some of those “rendered” by this program turned up in Guantanamo Bay or in prisons operated by US allies, many others have never been seen again. All of this was conducted off the books and outside of legal guarantees or protections for the detainees.

Assuming that Ms. Gwyn does find that in fact the SIS knew about or was complicit in the extraordinary rendition/black site program in contravention of NZ commitments to international conventions against torture and arbitrary detention, can the SIS turn around and claim that it was doing so in “good faith?” Is “good faith” nothing more than a get out of jail card for the intelligence services?

The bottom line is two-fold. First, undercover intelligence operations to date have been conducted under very porous and somewhat dubious legal cover that allows a multitude of operational sins to occur under what seems to be a wink and nod agreement with other agencies such as the police and Crown.

Secondly, the recommendations in the report about legal cover for undercover intelligence operations are very vague and broad, which allows the possibility for agents to go “rogue” so long as they can claim that they are acting in “good faith.” Neither is acceptable in a liberal democracy.

I agree that a comprehensive legal framework is needed governing the circumstances and permissible activities conducted during undercover intelligence operations. But this framework has to specify as much what is not permissible as what is, and has to ensure clear lines of responsibility as well as authorisation before and during the conduct of said operations. Otherwise we run the risk of allowing State-sanctioned criminal enterprise to masquerade as intelligence gathering.

Questions of the day.

Posted on by
17

It seems that a fair share of people are concerned about the Intelligence Review Committee’s recommendation that the GCSB be allowed to spy on the private communications of NZ citizens and residents, most often with a warrant adhering to a three tiered process that requires the signature of the Attorney General and Judicial Commissioner for the most intrusive searches of private individual’s communications and, under highly exceptional circumstances (involving the combination of imminent threat and the need for immediate real time information), accessing private individual’s communications without a warrant.

This essentially codifies what is already being done in practice under the GCSB’s “assist” role whereby it can offer its technological capabilities under warrant to other government agencies when asked and can engage in warrantless spying on NZ citizens and residents if they reside abroad or work for or are associated with foreign-based entities like NGO’s, IO’s embassies, corporations, charities and CSO’s. Remember: this is targeted eavesdropping and signals intercepts, not mass (meta-) data collection or mass surveillance. The argument goes, and I tend to agree in part with it, that the NZ threat environment has become increasingly “glocal” or “intermestic,” meaning that the boundaries between global or international affairs and domestic and local concerns are increasingly blurred thanks to advances in telecommunications, transportation and economic transaction. Hence the need for targeted GCSB involvement in matters of domestic espionage when warranted.

In any event my first question is this: why, if people are concerned about the publicly-debated legal extension of the GCSB’s de facto “assist” role, are they not concerned about the use of military assets (specifically, the deployment of light armoured vehicles, a helicopter and troops) to assist the police in the Kawerau police shooting and siege? After all, the use in a police operation of combat designed equipment and soldiers trained and equipped  for external combat would seem to be stretching the proper, legally defined role of the NZDF even if we consider its civil defense responsibilities (which, if I am not mistaken, would only apply to armed intervention in instances of civil war or insurrectionist  (read: Maori) upheaval). Should there not be a clear separation of NZDF missions and police matters delineated in law? Pardon my ignorance, but is there? Is there a legally outlined “assist” role for the NZDF in armed confrontations like this latest incident and the Napier siege of a few years ago? Or is the operational relationship between the NZDF and Police more ad hoc, informal and circumstantial in nature?

Then there is the suggestion by Michael Cullen that future Intelligence Reviews could consider merging the GCSB and SIS. This would be akin to merging the NZDF and NZ Police. So my next question is: would we ever consider merging the NZDF and Police? If not, why would we consider merging a signals intelligence collection agency with a human intelligence collection agency?

There is more to ask. Most of what the GCSB does is foreign intelligence collection on behalf of the 5 eyes network. The domestic side of its targeted spying is relatively small in comparison and again, done in service of or in concert with domestic agencies such as the SIS and Police, most often under warrant or given the exceptions listed above. Otherwise and for all intents and purposes, the GCSB is a branch of the 5 Eyes on NZ soil, not a fully independent or autonomous NZ spy agency. Think of the amount of money that the GCSB receives from 5 Eyes, amounts that are believed to be well in excess of its NZ government-provided budgetary allocations (the exact figures are classified so are what is known as “black” allocations under he “reciprocity agreement” that binds the GCSB to the rest of the 5 Eyes partners). Think of the highly sensitive technologies it employs. When the GCSB was first established, was the equipment and personnel used completely Kiwi in nature? Is the equipment used today completely Kiwi in nature and are the people manning the listening posts at Waihopai and Tangimoana today all NZ citizens?

Given the network resources at its disposal, were the GCSB to merge with the SIS it is possible that the latter would be subject to institutional “capture” by the former. That would mean that the intelligence priorities and requirements of 5 Eyes could come to dominate the human intelligence priorities of the SIS. I am not sure that is a good thing. And if we consider that the separation of powers concept that is at the core of democratic practice should institutionally extend beyond the tripartite structure at the apex of the state apparatus (executive, legislature, judiciary), then centralising the most intrusive spying powers of the state in one agency answerable almost exclusively to the executive branch seems to be antithetical to that premise.

It could  be the case that the possibility of a merger is being floated so that the SIS and GCSB can concentrate on external espionage and counter-espionage, with the domestic intelligence function reverting wholly to the police (who already have their own intelligence units). But even then the GCSB will continue to have a role in domestic signals collection, so the result of the merger would mainly impact the focus and organisation of the SIS.

I was fortunate to have a private audience with the Review Committee. From what I have read in the report so far, much of what I recommended was ignored. Even so, I do believe that the committee tried to balance civil liberties with security requirements and take what is a hodgepodge of disparate intelligence legislation and craft a uniform legal framework in which the iNZ intelligence community can conduct its operations. Heck, they even have recommendations about the legal cover given to undercover agents, both in terms of the process of assuming false identities as well as in terms of their immunity from liability when discharging their undercover tasks (apparently no such legal cover exists at the moment or is patchy at best).

Although I was disappointed that much of what I recommended to the committee did not appear in the final report, I am satisfied that their recommendations are a step forward in terms of transparency, accountability and oversight. I realise that this sentiment is not shared by many observers (for example, Nicky Hager was scathing in his appraisal of the report), but to them the questions I posed above are worth considering. To wit: If you are comfortable with the military getting involved in domestic law enforcement in exceptional (yet apparently regular) circumstances, then what is the problem with the GCSB getting more publicly involved in domestic espionage in similar circumstances?

There is much more to discuss about the Report and I may well do so as I wade through it. For the moment, here is a good critical appraisal worth reading.

 

Some questions about the Stephenson case.

Posted on by
7

Although it has been shamefully underreported by major media outlets in NZ, war correspondent Jon Stephenson has won his defamation case against the NZDF by forcing a settlement that involves significant compensation and an admission by the military that its defamatory statements about Mr. Stephenson were indeed untrue. It remains to be seen if the Prime Minister will do the same, since he opined at the time the controversy erupted over Mr. Stephenson’s internationally recognised article “Eyes Wide Shut” in Metro Magazine (May 2011) that Mr. Stephenson was, to paraphrase closely, “unstable” as well as “unreliable.” That has been proven to be false and Mr. Key knew at the time he uttered his comments that they were untrue. Let us be clear: Mr. Stephenson may be driven, but unlike his main accusers when it comes to reporting on the NZDF he is by no means unreliable or a liar.

I wrote the following as a comment over at The Standard but feel that it is worth sharing here:

“I suspect that we have only seen the tip of the iceberg when it comes to the unethical behaviour of the NZDF and political leadership in this affair. Remember that there is a MoD involved and the respective ministers then and now (Coleman and Brownlee). There are more officers involved than retired generals Rhys Jones and Mateparae, some who currently hold senior positions within the NZDF. There is the behaviour of Crown Law to consider. There is the slander on Jon’s character uttered by the PM.

I can only hope that the terms of the settlement do not prevent Jon from publishing more details of his case, including the way in which the legal process unfolded, the obstacles to discovery encountered, and the extra-curriculars surrounding them.

Whatever happens, for once in a long time one of the genuine good guys won. Were it that other members of the press corps (Nicky Hager excepted) had the integrity and courage exhibited by Jon both in the field as well as on the home front.

Kia kaha Jon!”

Beyond what I have written above, there are some other questions that arise from this saga.

For example, in 2013 Nicky Hager revealed that the NZDF electronically spied on Mr. Stephenson in 2012 using NSA, GCSB and SIS assets while he was in Afghanistan. At the same time an internal Defense manual was leaked to the media that identified “certain investigative journalists” as hostile subversion threats requiring counteraction because they might obtain politically sensitive information (one does not have to have much imagination in order to figure out who they are referring to). In parallel, reports emerged that NZDF officials were sharing their views of Mr. Stephenson with Afghan counterparts, referring to him in the same derogatory terms and implying that his work was traitorous or treasonous.

Taken together, both the spying on Mr. Stephenson and the characterisation of him passed on to NZDF Afghan allies can be seen as a means of counteracting his reporting. But if so, what national security threat did he really pose? Is politically sensitive information necessarily a threat to national security or is merely a threat to the political actors being reported on? Is intimidation part of what the NZDF considers to be proper counteraction when it comes to journalists plying their trade in a war zone? And since any counteraction or counter-intelligence operations had to be cleared and authorised by the NZDF and political leadership, were both of the types used against Mr. Stephenson authorised by then NZDF Chief Lieutenant General Richard Rhys Jones and/or Mr. Key? They deny doing so but if that is true, who did and how was it passed down the chain of command to the field commanders in Afghanistan (because, at a minimum, the order to “counter” Mr. Stephenson could be construed as illegal and therefore challengeable–but it never was).

Leaving aside the legitimate role of independent journalism in a democracy in holding policy makers–including military leaders–to account, what does it say about the NZDF that it sees such work as subversive? More alarmingly, if the reports are true, what exactly did the NZDF leadership hope to accomplish by telling Afghans, while Mr. Stephenson was in Afghanistan, that he was a threat to them?

Then there is the issue of the lie. General Rhys Jones claimed that, contrary to what was written in his story, Mr. Stephenson never visited the base in which the Crisis Response Unit (to which NZ SAS were attached) was located and did not talk to its commander. That was a direct challenge to Mr. Stephenson’s journalistic integrity. Mr. Stephenson sued for defamation and during the first trial (which bizarrely ended in a hung jury) the NZDF and Rhys Jones himself admitted that Mr. Stephenson’s version was true.

So why didn’t the trial stop right there? The moment the truth of Mr. Stephenson’s story was admitted by Rhys Jones, it was supposed to be game, set and match to the journalist. But instead the Crown spent hundreds of thousands of taxpayer dollars continuing to litigate in that trial and then the follow-up court process that was ended by the recently announced settlement. Why so?

The answer to the last questions seems to be that, like in the Zaoui and Urewera 18 case, the Crown prefers to bleed its adversaries emotionally and financially even when it knows that it can not win. This death by a thousand cuts approach, courtesy of the taxpayers largesse, is as unethical as it is cynical and undermines the belief that justice in New Zealand is blind and universal.

There are many other questions that need to be answered about the treatment of Mr. Stephenson. Is it true that media outlets were pressured to not accept his work on penalty of getting the cold shoulder from the government? Did NZDF officials physically threaten Mr. Stephenson in New Zealand? Did the intelligence services spy on Mr. Stephenson above and beyond what was reported by Mr. Hager, both at home and abroad, and are they doing so now, and on what grounds if so? Did NZDF and/or MoD and/or PMDC and/or Crown Law officials conspire, either solely or together,  to cover up, obstruct, alter, destroy or otherwise impede the release of evidence to Mr. Stephenson’s lawyers at any point in the legal proceedings?

My sincere hope is that the settlement agreed to by Mr. Stephenson and NZDF does not preclude the former from writing about his experiences with the NZDF, both in Afghanistan and during the trials. Hopefully he will be able to answer some of the questions I have posed above. I say this because something stinks about the way this affair has been handled at the highest levels of government, which is not only a stain on the individuals involved but a direct affront to basic tenets of liberal democracy.

Suggestions for the Intelligence Review Committee.

Posted on by
14

Readers will know that I expressed my unhappiness with the composition of the Intelligence Review committee and my belief that, save some cosmetic changes, a whitewash of the NZ intelligence community (NZIC) could be in the offing. Although I spoke with several people who were making public submissions to the committee (the deadline for which has passed), I decided not to waste my time given the press of other business and likely futility of doing so.

To my surprise, a month or so ago I was invited to speak privately with the committee, which for those who do not know consists of Sir Michael Cullen and Dame Patsy Reddy. The terms of reference for the committee are quite narrow on the face of it but I took the view that they can be interpreted more broadly in the context of the Review. The two major terms of reference focus on whether the legislative frameworks governing the New Zealand Intelligence Committee (NZIC, and GCSB and NZSIS in particular) “are well placed to protect New Zealand’s current future national security, while protecting individual rights; (and)..whether the current oversight arrangements provide sufficient safeguards at an operational, judicial and political level to ensure that the GCSB and NZSIS act lawfully and maintain public confidence.”

More specific matters subject to the Review include whether the 2014 Foreign Fighters Act should be extended or modified before its March 31 2017 expiry date; and whether the definition of ‘private communication’ in the GCSB legislation is satisfactory.

I decided that I would accept the opportunity to speak with Sir Michael and Dame Patsy in spite of my reservations about the Review process. Without going into the details of the meeting, here is some of what I outlined to them.

I started off by noting that much of the commentary about the NZIC was mistaken in its classification of the GCSB as the “foreign” spy agency and the NZSIS as the “domestic” spy agency. I pointed out that the proper classification was that the GCSB is the signals and technical intelligence agency (SIGINT and TECHINT in the parlance) and that the NZIS is the human intelligence agency (HUMINT). Both have domestic as well as foreign espionage roles, although these needed to be explicitly detailed in law and circumscribed as much as possible when it came to the domestic side of the fence.

I continued by stating that the Countering Foreign Terrorist Fighters Act needs to be abolished. People who commit violent crimes abroad, particularly war crimes and crimes against humanity, can be detained and/or charged under criminal law and extradited to face justice in the jurisdictions in which the crimes were committed. If that is not possible they can be tried by the International Court of Justice in The Hague. This is true whether they are identified as individuals or as members of a group that commits atrocities. So long as there is evidence of involvement in criminal acts, there currently are means of ensuring they face justice without politicising the cause.

I said no to the idea of revoking their passports to prevent their return and noted that the presumption of innocence should apply to returning fighters who are not implicated in atrocities even if they were involved in foreign conflicts. I also noted that according to Western intelligence estimates, less than 50 percent of those who travel to fight with ISIS return alive, and of those the vast majority are too traumatised to consider committing acts of violence on home soil.

We had a lengthy discussion on what constitutes a “private communication.” The 2014 GCSB Act states that it  anything a person could reasonably expect to be public in nature, say a Twitter or Facebook posting or even email on providers such as Google or Yahoo that data mine their clients information for advertising purposes (all of which is voluntarily agreed to by clients under the terms of service, which is what they are required to tick off on before setting up an account). I feel that definition is too vague, broad and permissive when it comes to GCSB powers of electronic surveillance. My bottom line is that a private electronic communication is akin to a dinner table conversation: that which a person has a reasonable expectation will not be repeated or listened to by people outside of the immediate context in which it was made.  I noted that personal data mining for advertising purposes was a bit different than the State doing so for security purposes–especially when it does so without consent (since I doubt many people ticked a box allowing the GCSB or other intelligence agencies to monitor their private communications).

If the authorities cannot read our snail mail letters without a warrant or consent, I do not believe that they can read our electronic mail without such either. That still leaves the issue of meta-data and bulk collection, but as I have written before, I do not believe that the latter is equivalent to mass surveillance for technical as well as legal reasons.

With regard to legislation, I suggested that the Search and Surveillance Act needs to be narrowed because it has been expanded too much as a result of post 9/11 hysteria. I also suggested that the GCSB Act be reviewed and narrowed with regards to its powers of domestic espionage. Although I have no real problem with its “Assistance” role when it comes to aiding the NZSIS or Police on home soil, and fully understand that the Act needed to be upgraded to cope with cyber espionage, crime and warfare, I believe that its powers of warrantless surveillance on NZ soil are too broad and intrusive. Narrowing the GCSB Act would still allow the GCSB to engage in defensive measures and counter-espionage with or without the help of its sister agencies, but it would prevent it from conducting offensive operations against NZ domestic targets without a warrant.

Most of what I had to say about legislation consisted of a proposal that the NZSIS Act be amended so that it is stripped of its domestic espionage and security vetting functions. Those should be moved to the NZ Police (who need to be resourced accordingly), since the Police already do much domestic spying and background checks. Perhaps even an FBI or MI5-type civilian domestic espionage agency could be created that answers directly to Crown Law if not the Attorney General (fully understanding the political nature of the latter). The reason for this proposal is that as things stand the NZSIS does foreign human intelligence gathering, domestic human intelligence gathering, counter-espionage and security vetting. An agency of 300 people (counting clerical staff) might be able to do one, perhaps two of these tasks adequately, but it simply cannot do all four anywhere close to efficiently or effectively. Since the type of signal and technical intelligence collected by the GCSB and its foreign partners can only paint part of any given intelligence picture, it behooves the NZSIS to complement that with an autonomous human intelligence capability that focuses on areas of foreign policy priority or concern. It is important to know about the context–as in culture, mores, norms, personalities, interests and attendant modes of behaviour–in which signals and technical intelligence is obtained, and that should be done independently by NZ in areas of priority interest (say, the South Pacific).

In terms of oversight I noted the gross inadequacy of the current “arrangements.” I suggested that there  needs to be better parliamentary and judicial oversight of the NZIC, and that this has to be proactive as well as retroactive in nature. If I was running the show I would leave the Inspector General of Intelligence and Security (IG) as the in-house executive branch oversight mechanism, perhaps by re-locating the IG office to Crown Law jurisdiction and out of the immediate control (via resourcing) of the NZIC and Prime Minister’s office (DPMC). I also have little issue with the current state of the Commissioner of Warrants and Minister of Intelligence and Security signing off on warrants.

Yet I spent considerable time explaining how important a division of powers is when it comes to intelligence oversight in order to avoid bureaucratic “capture” by the NZIC. I proposed that a dedicated parliamentary committee on Intelligence and Security be created, as an agency of parliament with its own permanent staff, that would have proactive and retroactive powers of compulsion under oath. This agency would serve as the non-partisan, apolitical support base for the Select Committee on Intelligence and Security comprised of politicians, and that the Select Committee include members from all parties that receive over 5 percent in the previous election distributed proportionally, with the PM serving as the tie-breaking vote.

Both the Select Committee and permanent staff would have the ability to investigate operational matters and scrutinise classified material rather than rely on unclassified summaries provided by the Directors of the GCSB, NZSIS and other intelligence shops like the NAB. This would require them to sign secrecy oaths but so be it–if they want to sit at the table that is the price the politicians will have to pay (the permanent staff of the committee will of course have been security vetted in order to receive clearance to handle classified material). I fully realise that all of this will cost money and encounter bureaucratic and political resistance, but I think it is very important to undertake these reforms in order to prevent the type of NZIC excesses that have brought us to the current moment.

In order to resolve disagreements  and arbitrate disputes between the NZIC, the IG and parliamentary committee on matters of lawful and unlawful NZIC activities, I suggested that an intelligence tribunal or juridical review panel be formed using High Court justices, QCs or other distinguished jurists. This would serve as the court of last recourse and final appeal on all matters pertaining to the legality of NZIC operations.

Finally, I reiterated my belief that Edward Snowden provided NZ with the opportunity to re-negotiate some of the terms of agreement with its 5 Eyes partners. These will not disrupt the core of the agreement, much less result in NZ’s exit from 5 Eyes. But it could allow NZ to withdraw from conducting front-line offensive intelligence operations against states that have great leverage on it, be it in trade or other areas vital to NZ’s well-being. Thus, for example, NZ could ask to not take the lead in spying on the Chinese in the South Pacific simply because if that were to be made public the Chinese would have to respond even if just to save face (and I believe that the need to respond involves a heck of a lot more than matters of national pride or “honour”). The PRC cannot retaliate to any punishing extent against the other 5 Eye partners given the strategic leverage these have relative to it. But little ‘ole NZ is very vulnerable on that score and could be an easy whipping boy for the Chinese should they want to get the message out that impudent small nations mess with it at their peril.

This re-negotiation does not preclude from NZ doing defensive spying and counter-espionage against any state or non-state actor. But it keeps NZ out of the line of fire of aggrieved large powers should the nature and extent of 5 Eyes espionage continue to be publicly exposed thanks to the Snowden material.

The response of the committee was polite but succinct: the last suggestion was beyond their terms of reference.