GCSB’s new powers for wide-spread spying on New Zealanders

There have recently been a number of revelations about the US government spying on its citizenry and other people around the world (a good summary). Many people have been shocked to find out the extent of the US’s spying and access into theoretically private systems.

What many New Zealanders don’t realise is that the NZ government is currently changing both the GCSB Act of 2003 and the Telecommunications Interception Capability Act of 2004 to allow similar levels of access to New Zealand communications for the GCSB (Government Communications Security Bureau).

Current law

The current TICA law already gives the GCSB, Police or SIS the technical capability to intercept all NZ communications if they have a valid warrant.

The GCSB can get warrants to spy on the communications of foreign people and organisations, although they can spy without a warrant if it doesn’t require the installation of any device (e.g. wireless/satellite/radio/mobile).

TICS – Telecommunications Interception Capability and Security Bill

The new TICS Bill clarifies and expands on these interception capabilities. It also allows them to be extended to service providers (people who offer “goods, services, equipment, and facilities that enable or facilitate telecommunication”) such as email providers, Trademe forums, Mega, etc.

TICS continues the existing regime where these interception powers can only be accessed with a valid warrant, but keep reading for the new exceptions to this in the GCSB Bill.

Furthermore, the TICS Bill also creates a new role for the GCSB, ensuring the security of New Zealand’s telecommunications infrastructure. This includes wide powers of oversight and control of how communications networks are managed and implemented in order to “protect New Zealand’s national security or economic wellbeing”.

GCSB – Government Communications Security Bureau and Related Legislation Amendment Bill

The new GCSB Bill gives the GCSB three purposes (we’ll come back to these):

  • 8A – Information assurance and cybersecurity. (Expanded from protecting government communications to a much wider responsibility for New Zealand’s communications.)
  • 8B – Intelligence gathering, analysis and sharing. (Similar to the existing law except that it adds “gathering information about information infrastructures” to the existing spying on foreign people/organisations.)
  • 8C – Helping the Police, SIS and Defence Force by providing advice and assistance in helping them execute their own legally obtained warrants. (This is entirely new.)

The bill doesn’t significantly change how the GCSB can apply for an interception or search warrant, but it does add a whole new class of “access authorisation”. To quote section 15A(1)( b)

The Director may apply in writing to the Minister for the issue of an access authorisation authorising the accessing of 1 or more specified information infrastructures or classes of information infrastructures that the Bureau cannot otherwise lawfully access.

These authorisations are granted at the whim of the Minister (although see below) and are incredibly wide-ranging and open-ended. There are no recommendations of limits (other than what the Minister sees fit to impose) and there is no automatic expiry. And just in case you thought that the TICA/TICS law might provide some protection, the GCSB Bill goes on to add section 15A(5):

This section applies despite anything in any other Act.

Most importantly these new access authorisations can be used for purpose 8A (cybersecurity) as well as 8B (information gathering). As paragraph 36 of the Regulatory Impact Statement explains: “an amendment will also be required to allow the GCSB to see who (namely NZ individuals and companies) is being attacked”. That is to say, the GCSB believes that it needs to be able spy on New Zealanders to maintain ther security. Based on what we know from recent reports in GCSB activities, we assume that the GCSB particularly intends to collect communications metadata (i.e. who speaks to who, when and how often but not what they say).

If you had any doubts about whether this applies to NZ communications, section 15B then further clarifies that for any access authorisations “for the purpose of intercepting the private communications of a New Zealand citizen or permanent resident of New Zealand under section 8A (cybersecurity)” the authorisation must be approved by the Commissioner of Security Warrants as well as the Minister.

And finally if you were hoping that section 14, which controls the ability of the GCSB to target New Zealanders would provide any protection, this only applies when the GCSB is performing duties under section 8B (intelligence gathering) and not section 8A (cybersecurity).

Putting it all together

The GCSB believes it needs to monitor the communications of New Zealanders in order to ensure that it can protect them from attacks.

TICA and TICS establish the technical capability for the GCSB to spy on any communications, subject to the limits in that law and the GCSB Act.

A section 15A(1)(b) access authorisation can give GCSB power to access any communications system it wants for the purpose of spying or information security, irrespective of any legal controls in any other law. This will allow it access to the facilities provided by TICS/TICA.

The GCSB will be spying on New Zealanders.

Conclusion

These new laws are not some minor adjustments to the work of the GCSB and how interception works. They are not just about letting the GCSB provide technical assistance to the Police, SIS and Defence Force.

While people in the USA are getting upset about the revelations of the extent of NSA spying there, these new laws give the GCSB far greater control of New Zealand communications networks, and practically unlimited capacity to intercept New Zealand communications.

These new laws are the point at which New Zealand switches from being a society that investigates “bad guys” subject to judicial oversight, to being a surveillance state where the government is always watching and recording everyone just in case they’re thinking about doing anything wrong.

We don’t want to live in that society. We believe that these new laws contravene the right in the NZ Bill of Rights to be free from unreasonable search and seizure, and will have a chilling effect on the rights to free expression and freedom of association.

We think that these laws need to be stopped.

14 thoughts on “GCSB’s new powers for wide-spread spying on New Zealanders”

  1. How does this affect ISP and employees of other providers who will be required to assist the GCSB? Clearly, they’ll be bound to silence but nevertheless know what’s going on and potentially have access to private and sensitive data.

    In other words, would say a network engineer become an intelligence gathering officer?

    1. Not sure. I’m writing a submission on the Bill, but the only way it will be stopped is if enough people get upset about it that it becomes politically untenable.

  2. @ Juha The thing which bugs me is the continual need to inform the GCSB on any material changes to the network topology. A warrant is still needed to get at data.

    What also interests me is the need to access communications from content providers rather than access the same data but in transit. Presumably this is so the spooks can access unencrypted data at its presumed source.

    1. A warrant for a particular investigation… or the GCSB can apply to the Minister for an access authorisation for permanent ongoing access to any system (you did read the article, right?) for the purpose of cybersecurity and spying on foreign communications.

  3. “the authorisation must be approved by the Commissioner of Security Warrants as well as the Minister.”

    – which Minister is this?

    thanks

  4. It’s not completely awful

    The Commissioner of Security Warrants is appointed by the Governor General and must be an ex High Court Judge. Hopefully someone who would be looking to prevent abuse of the Law.

    However I would prefer if the act would instead require a warrant from a current sitting High Court judge, similar to requirements for the police. I will be making a submission in support of this idea.

    1. Appointed by the Governor General … on the recommendation of the Prime Minister who happens to be the Minister responsible for the SIS and GCSB. Suddenly that doesn’t sound quite as independent any more does it?

      I’ve been told it’s worth looking at the Australian oversight provisions but I haven’t managed it yet.

  5. I’m about to make a submission myself, but the government website now says that “the closing date for submissions has been extended to Friday, 21 June 2013.” This is good, but we should try to let more people know.

    http://www.parliament.nz/en-NZ/PB/Legislation/Bills/f/b/f/00DBHOH_BILL12122_1-Government-Communications-Security-Bureau-and.htm

    Incidentally, the new law is ever worse that noted above. As well as the NZ Police, Defence Force, and SIS, it allows any government department, on the authorization of the Governor-General, to make use of the GCSB’s facilities, in order to spy on us.

    What is also shocking, although not new, is the provision for warrantless surveillance. This presumably allows agencies such as the GCSB to initiate surveillance on their own. Does anyone know more about this?

    1. Thanks Greg, I’ve put that on our Twitter feed.

      The GCSB has always been able to do certain sorts of warrantless surveillance on foreigners – the bill changes it so that it can do this on New Zealanders too.

  6. I’m going to start a petition with a spare website I’m not using and try get the media involved. Who would be interested?

Comments are closed.