About the only legitimate function the NZ Security Intelligence Service performs is vetting for security clearances: making sure people can be trusted with important government information. They've already shown themselves to be complete muppets at the job, granting a top secret security clearance to an utter fantasist and another to a woman who lied about having a PhD, but now the Inspector-General of Intelligence and Security has found that they don't properly safeguard the vetting information they collect either.
The full report is here, and its horrifying reading. Its not just about a lack of basic access controls and letting pretty much any SIS agent perve at any public servant's sex life, mental health history and finances; it also reports that there are
a range of other practices by which vetting file information is accessed for various purposes, some with access controls and some form of assessment of justification, and others without.Even more worrying, from subsequent recommendations about how employers should not be allowed to use such information, it suggests that the SIS is providing this information to other agencies. Which is not what it was collected for. While its legal - the SIS has a total exemption from the Privacy Act - its a basic abuse of trust. Which is pretty much what spies do: abuse our trust.
This is a serious problem: vetting files have people's dirt, their vulnerabilities, which in turn can provide leverage to get them to spy. So obviously its bad if the SIS lets this information fall into the wrong hands. In fact, the only thing worse than them failing to protect it is them abusing it themselves - which reading between the lines, seems to be exactly what is happening. Unfortunately the exact details have been censored because they could "through a loss of confidence, impair Service capabilities". In other words, if we knew what was going on, we'd demand that people be sacked and/or arrested. But covering up that sort of incompetence and wrongdoing isn't exactly a way to build confidence either.
Finally, once again we're reminded that every single time an outside person looks at the performance of the SIS, they find it wanting on the most basic level. Every single fucking time. And we give these incompetent, trust-abusing muppets $50 million a year. At what stage should we decide that this is not money well spent, and disband the entire organisation? IMHO, about twenty years ago.