In March the Inspector-General of Intelligence and Security released its inquiry report into the Government Communications Security Bureau’s (GCSB’s) hosting of a signals intelligence system deployed by a foreign agency. This activity began around 2010 and also involved taking part in a wider intelligence programme related to this capability.
The GCSB agreement to host was done without seeking ministerial approval and without subsequently informing its Minister of the system’s existence or purpose. In its report, The Inspector-General found that it was improper for the GCSB to decide on hosting the capability without bringing it to the Minister’s attention. By doing so it failed to respect and enable ministerial control of the agency
The Bureau’s current leadership and legal team knew nothing of the system until it was brought to their attention in 2020.
Taking a systems view this indicates several matters of concern and some of comfort.
Matters of concern, at the systems level are that:
- The hosting decision may have resulted in the foreign signals intelligence system being used to cause harm through New Zealand support, but without our government’s knowledge or agreement, including military action against targets. No records could be found of GCSB seeking any explanation for any tasking requests received.
- Risk assessment occurred initially but that did not translate into action to inform the Minister of National Intelligence and Security at that time (that ministerial portfolio is of necessity held by the Prime Minister). An Intelligence service cannot assume not to be under the control of its Minister.
- Operational systems underpin integrity frameworks within organisations. It was clear to the Inspector General that these were poor at that time (e.g. record keeping, due diligence, auditing and information sharing).
Matters of comfort:
- There is now a more active Inspector-General of Intelligence and Security. The role has gradually developed into a more responsive, better resourced office with independent powers of inquiry and reporting.
- GCSB reported the issue to the Inspector-General once they discovered it.
- That the issue was discovered during an internal audit of GCSB itself is comforting.
- The Inspector-General found that the risk of a repeat has been reduced by improved integrity systems since 2010. This includes governing statute, operations, policies and compliance systems, as well as Inspector-General oversight.
- The GCSB has agreed to the recommendations made by the Inspector-General
On this final point, the Inspector-General’s recommendations focus on improving internal guidance, record keeping and audit; improving consultation with the Minister, and enabling better oversight of future international agreements by the Inspector General.
The report shows how important it is to have built into our public sector system independent checks on power like the Inspector-General of Intelligence and Security, the Inspector-General of Defence, the Auditor-General, Ombudsman, Privacy Commissioner. They are critically important to our public sector integrity framework.
Interesting Reading
The IGIS reports published on its website make interesting reading. Recent ones include a Review of three NZSIS counter-terrorism and violent-extremism class warrants obtained by NZSIS in 2022 and 2023 (report published March 2024). The warrants authorised the Service to target classes of individuals in the context of counter-terrorism and violent extremism. The Inspector-General found that the first two iterations of the warrants did not meet the legal tests for necessity and proportionality in the Intelligence and Security Act 2017 (the ISA) for warrants to be issued. The issue being considered is the application of the most intrusive powers of the Service against individuals who may fall within target classes.
In another report (Jan 2024) the Inspector-General considers the GCSB's acquisition and use of bulk personal datasets. https://igis.govt.nz/publications/igis-reports/