Anyone else feel their jaw move rapidly to the floor as news of the GCSB’s problems emerged this week?
The Standard has spent a lot of time over the years talking about the GCSB. Check out these posts to get a flavour of what we have covered. So the problem was not unexpected. But the desire to say told you so is fuckin so strong.
Here is RNZ’s analysis of what happened:
A foreign agency ran a spy operation out of New Zealand’s Government Communications Security Bureau for years without ministers knowing.
The Inspector General of Intelligence and Security has revealed this in an investigation out on Thursday.
It has found the GCSB knew when it agreed to host the signals intelligence system it could be used to support “military operations by foreign partners”.
“The capability clearly had the potential to be used, in conjunction with other intelligence sources, to support military action against targets,” the report by IGIS Brendan Horsley said.
The system operated from 2013 until 2020, when it was stopped by an equipment failure.
But government ministers were not told despite the agency knowing how sensitive it was.
The current GCSB senior leadership and legal team “apparently knew nothing of the system”.
“It was ‘rediscovered’ at a senior level following concerns being raised in 2020 about another partner system hosted by GCSB.”.
The system was of no benefit to the GCSB, which did not know what the outcome of the spying was, the inquiry said.
This raises so many questions …
Let me see if I am understanding this. A foreign agency put in some equipment and collected some or all of the information that the GCSB was collecting and it was then transmitted to a foreign agency, presumably a member of the Five Eyes Network. The information that the GCSB insisted was protected by all sorts of measures that clearly did not work?
The first question is which nation. The answer is probably the United States of America. No other answer makes any sense. I cannot imagine Canada for instance wanting to hoover up our data.
In the past Mike Smith in particular has been a keen watcher of what the GCSB has been up to. And blogger No Right Turn has taken an active interest in what has happened.
In my review of old posts I found this quote from Whistleblower Edward Snowden from 2014:
Once the NSA has successfully subverted or helped repeal legal restrictions against unconstitutional mass surveillance in partner states, it encourages partners to perform “access operations.” Access operations are efforts to gain access to the bulk communications of all major telecommunications providers in their jurisdictions, normally beginning with those that handle the greatest volume of communications. Sometimes the NSA provides consultation, technology, or even the physical hardware itself for partners to “ingest” these massive amounts of data in a manner that allows processing, and it does not take long to access everything.
Remember the insanity of the 2014 election and Bomber Bradbury’s Auckland Town Hall meeting and the claim of a smoking gun to prove that Key knew about Kim Dotcom before Dotcom’s home was raised. This was the red herring of red herrings.
But some of what was said appears to be true. For instance:
[Journalist Glenn] Greenwald said he knew for certain that the New Zealand government engaged in “extraordinary amounts of analysis of metadata”. Meaning who is talking to who, for how long, where they are when they speak, on a massive indiscriminate scale not just internationally but of New Zealanders as well.”
New Zealand spent an “extraordinary amount of resource” for a country its size on electronic surveillance and “every single thing that the NSA does…involves NZ directly. They are full fledged allies of this effort.”
And of course there was the effort of John Key’s Government to set up a system allowing for our mass surveillance. Although he denied it repeatedly I would be surprised if it did not happen. And it looks like a piece of equipment may have sent at least some of the results overseas.
John Key during the weekend came out swinging and said that although a “business case” had been prepared by the GCSB for the mass surveillance of New Zealanders he had, after quite some time, put a hold on it. The phrase “business case” is interesting. Putting a monetary value on the violation of our rights of privacy shows how dollar centric this Government is.
Andrea Vance has set out a helpful timeline. In November 2011 two New Zealand corporations were subject to a cyber attack. Rumours are that one of them was Fonterra and that the attacks originated from China. The response of the Government was to contemplate the mass surveillance of New Zealanders. But you have to wonder why. As said by Danyl McLaughlan “[h]arvesting meta-data about phone calls or web traffic of New Zealand citizens does absolutely nothing to stop Chinese hackers targeting Fonterra or MFAT. It’s a bit like your local police officer saying ‘I think someone is trying to break into your house so I’m gonna drill peepholes in the walls of your bathroom and bedroom’.” The phrase “never let a good crisis pass you by” springs to mind.
Key says that he put a stop to it. But here is the jaw dropping feature about the work. It was started in early 2012 and Key only told the GCSB to put a hold on it in March 2013. According to his version it is clear he changed his mind presumably only after the controversies surrounding the GCSB came to light.
Key has promised to declassify and release GCSB documents that he says will back him up. It makes you wonder why the documents were classified in the first place as well as why they should be declassified for political purposes. And why at the time we were not told about this most intrusive of projects.
And there was at the time this admission by John Key that he could not rule out US spy agency NSA having New Zealanders’ electronic communications under surveillance, even if the GCSB doesn’t.
There was also confirmation that New Zealand was hoovering up data from our Pacific neighbours and sending it on to the United States. Perhaps this was the job of the equipment. From my post in 2015:
The Herald this morning has reported on the latest analysis of New Zealand’s data gathering role based on Eric Snowden’s files. The story is bound to have a profound effect on New Zealand’s relationship with its Pacific neighbours. Essentially New Zealand has been collecting data en masse from them and handing it over to the Americans.
New Zealand’s spies are targeting the entire email, phone and social media communications of the country’s closest, friendliest and most vulnerable neighbours, according to documents supplied by United States fugitive and whistleblower Edward Snowden.
Snowden’s files reveal a heavy focus on “full-take collection” from the Pacific with nearly two dozen countries around the world targeted by our Government Communications Security Bureau.
Information from across the Pacific is collected by New Zealand’s GCSB but sent onto the United States’ National Security Agency to plug holes in its global spying network, the documents show.
From there, the documents show information collected by New Zealand is merged with data captured from across the world. It is then able to be accessed by the NSA’s XKeyscore computer program through an online shopping-style interface, which allows searching of the world’s communications.
Ex GCSB head Bruce Ferguson did confirm that New Zealand was harvesting data from our Pacific Neighbours.
If the intelligence collection started in 2013 it may or may not have been related to changes made to the Government Communications and Security Bureau Act 2003 made in 2013 by the Key government.
The latest revelation makes you question all of the assurances previously given. There needs to be a proper inquiry into what has occurred.
Powered by WPtouch Mobile Suite for WordPress