Data mining would help SIS counter-terrorism effort despite public 'reticence' - report

8:20 am on 23 March 2021

A newly released report shows faster and wider harvesting of data about people was identified as a priority for bolstering counter-terrorism efforts.

No caption

The report on the SIS said anything which could help investigators develop a more detailed understanding of a threat more quickly is of critical importance. Photo: Markus Spiske / Unsplash

The 135-page report about how the Security Intelligence Service (SIS) performed prior to the mosque attacks warned "data mining" may not go down well with the public but said the service should explore the government's "appetite" for it.

The review was carried out in mid-2019 by an independent expert from a Five Eyes partner.

It said the threat from extremists was speeding up and fragmenting. "Signals of intelligence activity are becoming increasingly weak, well hidden and fragmentary."

That blunted the SIS's standard investigative approach, which was not good at generating its own leads, the report said.

"Anything which can help investigators develop a more detailed understanding of a threat more quickly is of critical importance."

It recommended the SIS explore "the government's view and appetite regarding some level of data mining aimed at identifying emerging threats".

"The review[er] understands there will be some reticence regarding the use of such capabilities in New Zealand."

The report was internal to the SIS and marked "Top Secret", but declassified after sections were blanked out by the SIS. It was released because the agency wanted to show the public it tried to learn as much as it could from the mosque terror attacks as soon as possible, even before the Royal Commission of Inquiry reported back last December, and after an OIA request from RNZ.

It recommended not just looking at greater data mining, but more data sharing, for instance improving the limited or non-existent data sharing between the SIS and police, or the SIS and Customs.

The data push was picked up on in 2019 by the key government Combined Threat Assessment Group (CTAG) that helps oversee the SIS.

The CTAG committee suggested removing legislative barriers and developing online data sharing platforms not just between public sector agencies but also with "selected private organisations", according to the Royal Commission of Inquiry into the Terrorist Attack on Christchurch Mosques report.

The SIS had already begun leading this work, the commission said in its December 2020 report.

The review for the SIS talked to 50 employees within three months of the attack.

"There is no secure, shared data repository or workspace accessible to multiple public sector agencies," it said.

"This is a well-recognised issue for New Zealand's counter-terrorism effort."

Fixing this could cost a lot.

"There are potentially very significant resourcing implications (human, technical and physical) associated with significantly enhanced leads-generation.

"The greatest resourcing considerations will likely relate to the cost of developing the information technology infrastructure required to deliver data and information to NZSIS and the cost of the associated auditing capability."

The government in last year's Budget put an extra $11m into the SIS (and $39m into the Government Communications Security Bureau, which monitors the internet for threats). That was in addition to the $180m boost to the intelligence agencies over a four-year period to 2020.

Any boost to data mining powers had to be carefully audited, the review said.

Overall, the report said the SIS had "achieved a great deal" since hitting "an extremely low base" in 2014.

Some of the biggest investigative changes were under way by 2018, along with an expansion of threat assessments to include rightwing extremism.

The security systems were "broadly effective" and the agency was not sitting on information that could have identified the terrorist before the mosque attacks.

SIS Director-General Rebecca Kitteridge said the agency had already "strengthened the way we identify and investigate national security threats and has changed the mechanism through which leads are prioritised and assessed".

The review also recommended law changes so police could more easily charge people with planning a terrorist attack.

A lot of resources were being diverted to monitoring threats not investigating and prosecuting them because the law was too limited, it said.

The government has vowed to change the law and to fast-track work on this.

Justice Minister Kris Faafoi would not be drawn on where this is at, telling RNZ in a statement it was not appropriate "to detail the nature or content of that work given Cabinet decisions are yet to be made.

"The government is working through the process of reviewing legislation... Work to examine what changes may be necessary is happening across agencies," Faafoi said.

Get the RNZ app

for ad-free news and current affairs