Tuesday, April 09, 2013

Lawless and dysfunctional

So, the Kitteridge report into the GCSB apparently shows up to 85 further cases of illegal spying on New Zealand citizens. According to former GCSB Director Bruce Ferguson, the spying was done on behalf of the SIS and Police and had warrants from them. But the law is crystal clear:

Neither the Director, nor an employee of the Bureau, nor a person acting on behalf of the Bureau may authorise or take any action for the purpose of intercepting the communications of a person... who is a New Zealand citizen or a permanent resident.

(My emphasis)

Which outlaws even assisting with warranted interceptions under other acts. And for the GCSB to have got that wrong again suggests they are illiterate morons incapable of reading and understanding their own governing legislation.

Naturally the spies are blaming the law, and its apparent that their preferred outcome is a law change to allow them to spy with impunity. That is not something we should accept. While a criminal prosecution may by iffy, there needs to be accountability for this. Heads need to roll for it, and the prohibition on domestic wiretapping needs to be preserved. If we erode that rigid separation of powers between police, SIS and GCSB, then we are likely to encourage all sorts of unpleasant behaviour.

Meanwhile, that's not the only problem with the GCSB:
The GCSB's organisation was overly complex, fragmented and had too many managers. Poorly-performing staff were tolerated, rather than fired or disciplined, because of fears that disgruntled former employees could pose a security risk.

The agency was also isolated and disconnected from the rest of the public service, the report says.

GCSB staff were reluctant to stray outside classified channels or seek external advice. New legislation was not analysed for possible implications on GCSB's activities.

Record-keeping within the bureau was poor, with staff relying on oral briefings or emails. Kitteridge struggled to find crucial policy documents and noted that some audit reports were missing.

She also identified a lack of oversight by the Inspector-General of Intelligence and Security, the watchdog who visited only four times a year, and was tied up with SIS work.

The core problems here are a culture of secrecy and a complete lack of oversight. The former is part and parcel of being an intelligence agency, but its clearly gone toxic, and the agency needs a thorough clean-out. But the lack of record-keeping is more troubling. If there's one thing you should be able to rely on spies to do, its to write everything down (and stamp it "Top Secret" for extra thrills). If GCSB aren't doing this, we also need to ask whether they are actually capable of doing their job.

Finally, there is one question the report apparently doesn't address: do we actually need GCSB? The bureau has two purposes: collecting foreign intelligence, but supposedly also to help our government), and providing computer security to the government. The former seems unnecessary, especially as it is primarily done on behalf of and to benefit a foreign power. It should be de-funded and stopped. If we're going to have a "Government Communications Security Bureau", then that is exactly what it should focus on: the security of communications by our government. And nothing else.