Better to pause than to rush.

The Parliamentary Select Committee hearings on the Bills to amend the 2003 GCSB Act and 2004 Telecommunications (Interception Capability and Security) Act have begun this week. There is much interest in the hearings not only because of the content of the Bills under consideration, but also because they are open to the public. The cast of characters scheduled to present is as colorful as it is deep: Kim Dotcom, the CTU, the Law Society, Internet NZ and several telecommunications firms are among those representing.

Even so, some of the public discussion surrounding the proposed reforms has been stunningly stupid. In recent weeks the Herald featured two editorials supporting the proposed changes. The first claimed that the changes would help prevent a Boston Bombing scenario (a claim that the Prime Minister has parroted; Winston Peters prefers to use the train station bombing hypothetical). That ignores the fact that US intelligence agencies could not do so even with their massive meta data-mining schemes and a tip from Russian authorities. Nor could they prevent the Fort Hood massacre even though the perpetrator was in regular email contact with an al-Qaeda leader in Yemen prior to the shooting.

Worse yet, the Prime Minister and others such as this editorial writer make it seem as if counter-terrorism is the primary function of intelligence operations. It is not. Traditional inter-state espionage, no matter what the technologies used, remain the major part of intelligence work. The counter-terrorism angle provides a convenient fig leaf for the expansion of intelligence networks and the scope of their authority, but in reality occupies a relatively small amount of intelligence resources and attention. This is particularly true for countries that are not on the front lines of the so-called “war on terrorism.”

The second editorial, by a supposed former intelligence officer, claimed that those who oppose the Bill are scaremongers and uninformed, even though the Law Society, Internet NZ and several other professional groups have registered their opposition on legal as well as technical grounds. The author also asserted that because civil servants drafted the proposed changes, we should accept them in good faith. Yeah right.

I beg to differ. There is clearly a need to “tidy up” the legal framework governing GCSB activities on home soil because under the current Act the role of the GCSB in domestic espionage is murky. But civil libertarians and privacy rights activists have legitimate reason to oppose the GCSB Bill in its present form.

The Bill expands the terms and conditions under which the GCSB can engage in domestic espionage, including reasons that have nothing to do with national security and for agencies unrelated to it. Those responsible for issuing the warrants under which the GCSB would “assist” domestic agencies would be those who currently do so, in a cross-signed fashion in the case of spying on New Zealand citizens and residents. If the targeted entity falls under the foreign intelligence collection mandate of the GCSB (which targets “foreign entities,” in New Zealand, including private firms as well as diplomatic missions), warrantless intercepts can be authorized even if they extend to New Zealanders.

In light of past excesses and mistakes it is evident that leaving warrant issuance to the Prime Minister and a retired judge (the Commissioner for Security Warrants) is pure folly even when done in combination. These are the individuals who were on watch during the Dotcom raid and, in the case of the Prime Minister, claimed ignorance after the fact as to how and why the GCSB became unlawfully involved in it.

The definition of threat to national security under which the GCSB would act is too nebulous and broad to prevent mission creep into common law enforcement and encroachments on individual and group privacy. For example, under the proposed legislation the GCSB could assist the Department of Primary Industries to spy on environmental activists on behalf of fishing, logging or mining interests if their protests were deemed injurious to the economic well-being of the nation, which can be construed as a threat to national security under current definition of the term.

The oversight mechanisms proposed by the Kitteridge Report are a veneer on what currently exists. Even if bolstered by a Deputy and some additional clerical staff and funding, the Inspector General of Intelligence and Security is simply too dependent and too powerless to effectively serve as the overseer of the New Zealand intelligence community. Absent effective independent oversight such as that which could come by making the Inspector General’s office a Department of Parliament responsible to a Parliamentary Committee with powers of compulsion under oath, the room for unaccountable manipulation of intelligence flows and analysis remains great.

The Telecommunications (Interception Capability and Security) BIll that accompanies the GCSB Bill is more draconian than similar legislation under the US Patriot Act. It compels telecommunications companies to provide access to their source and encryption codes (that is, provide warrantless access before the fact to private accounts when no threats are evident). It authorizes GCSB espionage operations without the consent of affected private entities as part of its “information assurance and cyber assurance” function, which is designed to safeguard a broadly defined information infrastructure consisting all forms of telecommunications emissions, systems and networks. In other words, one way or another the GCSB would have the ability to surreptitiously monitor all New Zealand based telecommunications regardless of whether or not they involved clear threats to national security.

Since New Zealand is not a major target of inter-state cyber espionage or in the so-called war on terrorism, that is an overreach. India, Brazil, Italy, Spain, Canada, Germany and many other democracies who arguably are much more at risk for espionage and terrorism do not have such legislation. In most the separation of foreign and domestic espionage is made quite clear in law, with the latter carried out mostly by the Police, national gendarmes or local investigative agencies with help from foreign-focused intelligence agencies only in the most exceptional circumstances (even then, agencies like Interpol exist as the first line of recourse used to facilitate international crime investigations).

What is the problem in requesting voluntary telecommunications company cooperation with national security investigations, particularly when they are clearly focused on clear and present threats? What telecommunications provider would refuse such a request, especially if issued under warrant specifying the reasons? If such a system works for the countries mentioned above, why can it not work here?

The official presumption in the T(ICS) bill that telecommunications firms need to be compelled rather than be allowed to voluntarily cooperate with intelligence agencies on matters of national security says more about the disposition of the government than it does about that of the firms involved.

By expanding the GCSB’s domestic “assistance” role in two capacities (information assurance and cyber security to public and private entities as well as technical assistance to sister agencies), the proposed changes run the risk of deviating it from its main foreign signals intelligence and counter-cyber espionage efforts. It will add a further burden to it’s already stretched staff of analysts, engineers, linguists and cryptographers. Since increased funding and recruitment are circumscribed by the present climate of fiscal austerity, it does not appear likely that resources for the GCSB will be increased commiserate with the increase in its domestic assistance authority.

Interestingly, the GCSB and T(ICS) Bills were proposed soon after issuance of the Kitteridge Report on the GCSB, which was driven by the unlawful electronic monitoring of Kim Dotcom and associates by that agency. Given the level of detail in the Bills, that suggests that they were drafted before Ms. Kitteridge’s findings and recommendations were finalized. This contradicts the government’s claim that the Bills came in response to the findings of that report.

In a world in which threats are increasingly “intermestic” or “glocal” in nature and in which the boundary between national law enforcement and international security is increasingly blurred, there is reason to adjust the legislative apparatus governing the role, scope and functions of the New Zealand intelligence community, including its international commitments. At present the GCSB and sister agencies appear rudderless, unsure of who and what purpose they serve, much less how they should prioritize their essential responsibilities.

This is why a full inquiry into the New Zealand intelligence community is needed before any reforms are made to its legal architecture, especially given that the last review of New Zealand intelligence operations occurred in the 1970s.

The inquiry could well start with exploring what New Zealand’s threat environment consists of now and in the near to medium future, including proximate and distant threats of a physical (environmental and epidemiological), economic, military, diplomatic and criminal nature. It could then turn to outlining the specific meaning of “national security” in light of these threats (with the balance between minimalist and expansive definitions of national security needing to be debated and precisely defined).

It might consider how current policy decisions or orientations can set the stage for the emergence or facilitation of future threats (such as by trying to play off trade and security relations with competing great powers as a form of hedging or strategic balancing act). Having done that, it could proceed to review the way in which the intelligence community operates so as to offer prescriptions for its better tailoring to the threat environment extant and foreseeable.

Much has happened since the last intelligence review, both in terms of the nature of national security threats as well as the technologies they employ and those used to counter them. It is therefore prudent to pause and review how New Zealand intelligence operations are conducted rather than rush to pass legislation that retroactively exculpates past unlawful behavior by the GCSB while expanding the reach of those who authorized it.

 

A short version of this essay appeared in the New Zealand Herald on July 2, 2013 under the title “GCSB bill going too far too fast.”

12 thoughts on “Better to pause than to rush.

  1. “There is clearly a need to “tidy up” the legal framework governing GCSB activities on home soil because under the current Act the role of the GCSB in domestic espionage is murky.”

    In what way is it murky when Section 14 is fairly black and white on this issue;

    ” Restrictions imposed on interceptions

    14 Interceptions not to target domestic communications

    Neither the Director, nor an employee of the Bureau, nor a person acting on behalf of the Bureau may authorise or take any action for the purpose of intercepting the communications of a person (not being a foreign organisation or a foreign person) who is a New Zealand citizen or a permanent resident.”

    Seems pretty clear to me.

  2. Frank:

    Under the Section 14 of the 2003 Act the GCSB cannot directly spy on NZ residents. However, under the Act the GCSB is authorized to provide technical assistance, under warrant, to the SIS, Police and NZDF in pursuit of their missions. So if the GCSB provides a hand-held interception device to the Police or installs a bug in an international internet switch located in NZ at the behest of the SIS, both of these having been authorized under warrant and with the cops and SIS having their own officers doing the actual monitoring of the communications being targeted, then that is legal.

    The uncontroversial part of the proposed Bill is formalizing this arrangement in clear terms (although that is worth debating). The less appealing parts are, among others, the grounds for warrantless searches, the agencies for which GCSB assistance can be offered, and the reasons for which warrants are issued in order to secure GCSB assistance.

  3. Pingback: The Daily Blog Watch Tuesday 2 July « The Daily Blog

  4. “…The uncontroversial part of the proposed Bill is formalizing this arrangement in clear terms…”

    I’ve been puzzling about the politics of this, as to why Key decided to include such controversially massive over-reach in this bill. There was no need to, and if the measure of the incompetency of the minister in charge is the amounts of times it is mentioned in the media, then his handling of the portfolio has to be the most spectacularly incompetent and bungling ever. The only explaination I can come up with is Key is a sort of Forze-Italia style small “f” fascist who holds the office of PM and the constitutional checks and balances of our political system in utter contempt. If we view him as an arrogant CEO who only considers the decision making processes of an oligarchic corporate boardroom as legitimate rather than valuing being an elected representative constrained by constitutional and democratic norms, then much of his (and Steven Joyces) behaviour suddenly makes some sense. Certainly, Key’s obvious utter disinterest in and distain for the processes and procedures of democracy, his proclivity to a heroic leadership style (as in the SkyCity deal) complete with excessive security from the DPS wherever he goes and now his determined desire to centralise state security apparatus to the office of the PM to use as he sees fit reminds me of Berlusconi, minus the bunga bunga – a sort of Gianfranco Fini meets Silvio Berulsconi.

  5. “The only explaination I can come up with is Key is a sort of Forze-Italia style small “f” fascist who holds the office of PM and the constitutional checks and balances of our political system in utter contempt. ”

    Didn’t you come to this realisation about six or seven years ago, Sanc?

  6. Hugh, I find my gift of foresight is an awesome burden that requires me to remind lesser mortals of what I have already foreseen.

  7. It’s certainly easier to get people to see things your way when you include a heavy dose of ‘I told you so’.

  8. Anyone who saw Campbell live last night, which carefully drew the threads together, can now have no doubt now as to the reasons why Key is ramming through these laws without bipartisan support or even proper consideration.

    Running in parallel to all this is growing US impatience with popular hostility to it’s proposed IP provisions in the TPPA. Kim Dotcom and our leaky civil service have become a focus of US anger over it’s failure to exercise total hegemonistic control in areas it considers to be in its national interest.

    Any commonsense interpretation of the timeline of events given by John Campbell tells you that the Key government were given its orders by the US administration over spying and over Kim Dotcom (who it seems Eric Holder personally wants to make an example out of as a warning to everyone else as to the power, determination and extent of the United States global reach to protect it’s interests) in July 2011, and Key is lying through his teeth when he says he had never heard of Kim Dotcom until the day before the infamous raid. Given the sequence of actions and events put in train by the Key’s ministers and Key himself since July 2011, it seems that Key’s agenda is to a) try to engineer a secret coup against the sovereignty of the New Zealand state by converting it into little more than a supine client surveillance state totally beholden to the interests of the United States b) that Kim Dotcom was mentioned to him as a specific example of the need for him to try and quickly carry out this coup.

    The raid on Kim Dotcom and the subsequent refusal of our courts to grant carte-blanche to illegal government activity has thwarted Key’s agenda, so hence the rush to ram through these changes before the implications of them reveal to a much less pro-US New Zealand public Key’s agenda to turn us into a craven US lapdog.

    I am reduced to seriously wondering if we have a actually have someone who would meet a dictionary definition of a traitor (“…One who betrays one’s country, a cause, or a trust, especially one who commits treason…”) running our country.

  9. Lest we forget: as a currency trader, he was a traitor to NZ interests long before entering politics.

  10. @Pablo:

    “Neither the Director, nor an employee of the Bureau, nor a person acting on behalf of the Bureau may authorise or take any action for the purpose of intercepting the communications of a person (not being a foreign organisation or a foreign person) who is a New Zealand citizen or a permanent resident.”

    Which part of “may not take any action” allows them to provide a device or install a bug? Isn’t that covered under the definition of ‘any action’?

  11. Gareth:

    Here is where the legal semantics matter. Under the 2003 Act the authorization is made by the person who issues the warrants, not the GCSB Director (the GCSB can conduct warrantless surveillance of foreign persons or organizations, including foreign owned firms and those who work for them). That would be the PM as Minister of Security and Intelligence or the Commissioner for Security Warrants, a retired High Court judge.

    The SIS, Police and NZDF can ask that the warrants be issued, and armed with a warrant can request GCSB assistance. For that to happen the Director has to make a determination as to whether the request is lawful and the warrants governing the request speak to a national security interest.

    The proposed amendments to the act would broaden the number of agencies that can request GCSB assistance as well as the grounds upon which such assistance can be lawfully rendered. The PM and Commissioner would still sign the warrants under which that assistance can be rendered, with some cases requiring that both sign off on the warrant.

    As it turns out assistance may be technical but also non-technical. The request for assistance may specify a GCSB employee with specific skills rather than a piece of equipment. Remember that there are many linguists, translators and IT specialists working at the GCSB, and not all of them need to bring equipment with them when seconded to a partner agency.

    The “not take any action” clause is circumvented by the GCSB Director not being given the specifics of the matter for which the request for assistance being made, as well as the practice of the Director not being informed of the outcome of the case in question after the GCSB’s assistance has ended. So if the SIS said to the PM that there was a matter of (domestic in origin) national security that required a Slovakian speaking analyst, and no such person worked in the SIS but did work at the GCSB, then the would be enough to have the PM sign a warrant authorizing the use of that GCSB “asset” in that specific case.

    Of course, in the Dotcom case the GCSB was engaged in warrantless surveillance on the mistaken (?) assumption that Dotcom was a “foreign person or entity.” Should the proposed legislative changes go through, the presumably Mega could be treated as a foreign organization for the purposes of spying (depending on where it is registered, pays taxes etc.).

Leave a Reply

Your email address will not be published. Required fields are marked *