But, also, the organisation obtaining the capability must consent to receiving it – and agree to a number of conditions (for example, each recipient must conduct the highest level of basic cyber-hygiene, advise those who interact with their computer systems (staff, customers) that their communications may be accessed for cyber security purposes and, for the reason above, maintain confidentiality about the services it is receiving).[Emphasis added]
And on The Nation:
Gower: Yeah, but I would be told, would I, by the company that they’ve now put Cortex on?The problem? According to research by Graeme Edgeler, a whole host of government departments and key economic generators which you would think would be top of CORTEX's protection list - organisations like DPMC, the Ministry of Defence, National Cyber Security Centre, MFAT, Fonterra, ANZ, the BNZ, and even the GCSB itself - have no such warning in their T&C. There are two possible conclusions: either CORTEX doesn't protect these organisations and Jagose has misled us about what it is supposed to protect, or Jagose was lying about notification. Either way, it doesn't suggest that the GCSB's new "opennness" is particularly trustworthy.
Jagose: You’ll be told that your communications will be screened or may be screened for cyber-defence purposes.
Gower: Right. How do you get told that?
Jagose: In terms and conditions of use, for example.