Not reassuring

Back in December, John Key said that the GCSB is not engaged in the "wholesale collection" of metadata. Someone clearly didn't believe him, and so used FYI, the public OIA request site, to get the GCSB to confirm this. The response [PDF] appeared on FYI, and it is not reassuring.

Firstly, the GCSB denies "wholesale collection". But they do admit to some collection of metadata before September 2013, when it was illegal. Naturally they refuse to give details of exactly who and what, citing national security - a convenient cover when you're committing a crime.

Secondly, the GCSB admit to collecting metadata "as requested by customers" before September 2013 as part of its "cybersecurity" function. And this is where it gets interesting, because they refuse to either confirm or deny whether that information (or the information they illegally collected while gathering intelligence) was shared with their foreign partners. To point out the obvious: if they weren't doing it, they would simply deny it, and our minds would be at rest. The fact that they refuse to do so makes it clear that they are sharing this information. In English, this means that if you ask the GCSB (or their subgroup, the National Cyber Security Centre, to help you with hackers, they will give all your customer information to the NSA. So don't do that, okay?

Thirdly, there has been an explosion of surveillance since the passage of John Key's GCSB Amendment Act. According to their 2012/13 annual report, there were a total of 7 interception warrants and 14 computer access authorisations in force over the 2012/13 year. According to the OIA response above, there are now 33. So the GCSB's new powers have resulted in an immediate 50% jump in intrusive surveillance. Who are the targets? As usual, it's all secret. But there's been no public threat to justify such a massive increase in spying, and its hard to escape the conclusion that they're using their new powers just because they can.