I cannot conclude that NZSIS had sound compliance procedures and systems in place.
Given the importance of that statement - it is basicly saying that the SIS is unfit for purpose and that we have no robust way of determining whether they are obeying the law - you'd expect it to be headlined at the front of the report. Instead, its buried on page 48 (of 52). Doing that shows a fundamental misunderstanding by IGIS of their purpose. They're meant to be a watchdog, and when they find that scale of failure, they need to bark, and bark loudly. Instead, they've given us a quiet little whisper, in a manner apparently designed not to be noticed. To point out the obvious, this is unlikely to build public trust in the office, the utility of its "oversight", or in the institutions it is supposed to be watching.
As for the rest of the report, its a litany of abuse and failure. Some highlights:
- The SIS bullshitted their Minister in applications for certain complex and sensitive warrants, deliberately omitting information on the operations and "cooperation" with (or it seems, instigation by) other agencies which if included, might have meant that "the application might not have in fact met the statutory criteria" and/or "those involved in authorising each warrant might have reached different conclusions on these applications" (p. 21). Which shows the lie behind the claim (made by the IGIS at the beginning of their report) that Ministers are an effective check and balance. The spies control the information, they determine "need to know", and they can and clearly do mushroom Ministers to get the outcomes they want.
- The SIS has persistent and systemic problems with the fairness and accuracy of vetting for security clearances. They don't collect all relevant information, they don't assess it for bias, and they certainly don't allow applicants for security clearances to respond to concerns as required by the right to natural justice. These problems have featured in IGIS reports since at least 2008, and SIS has done nothing about them. SIS now claims to have done something, and I guess we'll see whether these problems keep popping up in future reports.
- Despite a clear legal requirement to provide visual surveillance warrants to the Inspector-General for review "as soon as practicable", SIS didn't bother to do this.
- Remember John Key's claim that the GCSB isn't collecting metadata on kiwis? They might not be, but our "partners" are, and so much of it that they accidentally access it with a typo (p. 36). Unstated: because its all in the same spy-cloud, its all there should the GCSB or SIS ever want to look.
- Despite revelations of persistent wrongdoing from both Edward Snowden and IGIS, the Inspector-General hasn't had a complaint under the Protected Disclosures Act in the past ten years (and maybe ever), and didn't even have a procedure for handling one. This has been fixed, but it points to a significant cultural problem in our spy agencies.
- IGIS is inquiring into what the SIS does with vetting material. As this is basicly blackmail on every senior public servant in Wellington, there are obvious questions around both security and retention.
- IGIS is inquiring into whether NZ intelligence agencies' "engagement" (knowledge / benefit / contribution to) US torture.
The overall picture is that SIS is a mess and highly resistant to change, or basic compliance with the law and democratic norms. GCSB seems to be more open to reform, but there still clearly huge problems, both with what they do (regardless of legality) and with their internal culture. The complete lack of whistleblowing complaints speaks volumes.
As for the SIS, the failures disclosed in this report should be a death-knell for granting them any further powers - they clearly cannot be trusted with the ones they've got. Sadly, I expect these failures will be ignored by Ministers and their rubberstamp review team.