Transparency requested by spy watchdog
When the New Zealand Security intelligence Service was established more than 60 years ago, the main concern was Cold War operatives on New Zealand soil. Now the intelligence and security agencies are more worried about Russian statesponsored cyber-hacking.
In the rapidly changing landscape, both the watchdog tasked with independently overseeing the intelligence and security agencies, and the general public, need to get up-to-speed on the issues facing the intelligence and security world.
Last week, Government Communications Security Bureau (GCSB) boss Andrew Hampton said there were signs New Zealand organisations have been directly threatened by Russian statesponsored hacking.
‘‘Attributing cyber incidents to particular countries is something that is carefully considered and is a step not taken lightly,’’ he added.
The bombshell came in the wake of international concerns about Russian-backed hacks on networking equipment.
And earlier this month, Cabinet’s External Relations and Security Committee released a paper outlining its need for a refresh of the Cyber Security Strategy and Action Plan.
The committee said it was imperative to embrace new technology, but ‘‘this same technology has provided new avenues for criminals and hostile actors to gain advantage’’.
It pointed to an increase in cyber-security threats. The National Cyber Security Centre (within the GCSB), recorded 396 incidents during the 2017 financial year, and was forced to provide ‘‘hands-on intensive incident response’’ on 31 occasions.
‘‘Cyber threat actors are increasingly bold, brazen and disruptive. New Zealand’s geographical location does not exempt us from this threat,’’ the committee said, adding that it was ‘‘timely’’ to step up its cybersecurity efforts.
In order to keep abreast of the changing nature of digital threats, the Government is also in the midst of developing a digital strategy and hiring a chief technology officer.
THE WATCHDOG
The ultimate responsibility of heading off the country’s cyberthreats, and physical threats such as terrorism, rests with the NZSIS and GCSB.
And the person charged with reviewing actions taken by those agencies needs to keep abreast of these challenges, if she hopes to hold them to account.
Inspector-General of Intelligence and Security Cheryl Gwyn is there to make sure the agencies follow the law and do so in a ‘‘proper’’ (and ethical) way. The ‘‘proper’’ part is open to interpretation, but in the past Gwyn has said that means asking whether reasonable, thoughtful and informed New Zealanders would think the conduct was ‘‘right’’.
‘‘I think a really important part of being independent is being wellinformed,’’ she says.
In an office of just eight people, with limited funds, and no space for new hires, this means bringing in outside experts, to help Gwyn do her job to the highest standard – ‘‘we can’t possibly have all the expertise in-house, that we need’’.
In order to plug the gap in technical expertise, Gwyn has started work on forming a panel of technical advisers - people wellversed in cyber-security, opensource platforms, and encryption.
In theory, she also has an advisory panel, with full security clearance, who can act like a ‘‘sounding board’’, and discuss operational matters. That panel was set up by the former government in 2014, to add strength to her office.
The panel of four (made up of two appointed members, the inspector-general and the deputy inspector-general) also has the power to report directly to the prime minister on any issue they see necessary.
THE CRITICS
Gwyn received flack for her appointments to the reference group, which was similar to a group created by the Dutch intelligence and security watchdog. Some emailers called her ‘‘stupid’’ for including the likes of investigative journalist, and sometimes agency critic, Nicky Hager.
The feedback doesn’t upset her – in fact she believes more public debate is needed on these matters but Gwyn is dismayed her point was missed.
‘‘I deliberately set out to get a diverse range of people. I didn’t want people who were just going to endorse what I think and say. There’s absolutely no point to that. I wanted people who would challenge my view of the world – tell me things I hadn’t thought of.
And that was the purpose of the group: to spark robust debate on important issues.
In the wake of political backlash from the National Party, minister in charge of the agencies Andrew Little said groups like this helped ensure public confidence in agencies that largely operate in secret. Gwyn also wants the group to give her feedback on how she’s doing her job.
LAW CHANGES
During the reference group’s first meeting a couple of clear themes emerged.
The first was the perception
that every time the agencies break the law, or over-step the mark, the law is retrospectively changed to move the goalposts.
In 2013 – a decade after the GCSB act became law, promising that the foreign intelligence gathering agency would not be used to spy on New Zealanders – a landmark law change gave the agency the powers to spy on Kiwis.
The legislation was hastily drafted after a top-secret review found the GCSB may have illegally spied on 85 people over a 10-year period.
That review was ordered in the wake of revelations the bureau illegally spied on German internet entrepreneur Kim Dotcom.
Former prime minister John Key brushed off public criticism as ‘‘scaremongering’’.
And last year, a law change – following a separate review – resulted in a single piece of legislation to govern the NZSIS and the GCSB – the Intelligence and Security Act – as well as expanding the agencies’ resources, and the strength of the inspectorgeneral’s office.
Gwyn says she understands why this public perception exists, but believes the agencies are held to account when they act unlawfully, or improperly.
Sometimes this results in internal changes to processes, systems, and personnel. Sometimes it’s a trial by public perception. Sometimes that’s a damning report and a list of recommendations from the office if the inspector-general.
Some say Gwyn’s post hasn’t got any teeth when it comes to reprimanding the agencies, but she says she can’t imagine the inspector general’s recommendations being ignored in the wake of a security and intelligence scandal.
So how are New Zealand’s security and intelligence agencies doing? Generally, they follow the law and act properly, but they’re not immune to getting it wrong.
Regardless, good intentions are no excuse if something goes wrong when the stakes are this high.