25 May 2016

GCSB links to NSA unsurprising - new spy boss

9:38 am on 25 May 2016

It should come as no surprise that New Zealand's electronic spy agency maintains a close relationship with its Five Eyes partners, says the new head of the Government Communications Security Bureau (GCSB) says.

Andrew Hampton

Andrew Hampton Photo: RNZ / Jane Patterson

Andrew Hampton has dismissed the latest release of documents leaked by former National Security Agency (NSA) contractor Edward Snowden as an attempt to discredit intelligence agencies.

Newsletters from 2003, released by The Intercept website, show close and regular communication between the United States' NSA and the GCSB, as part of the Five Eyes alliance.

They also confirm the GCSB had a permanent liaison officer based at the NSA.

Mr Hampton would not say whether the same arrangement was still in place today.

But he said it should not come as a shock to anyone that there is a high level of engagement with other Five Eyes countries and that "from time to time" New Zealand had people based with other agencies.

The Intercept has started the gradual release of the regular NSA internal newsletter, published about three time a week beginning with the first 2003 newsletters - 166 documents in all.

The Intercept website said it would "periodically release" batches until the entire set, up to 2012, had been made public.

The 2003 newsletters contain detailed descriptions of operations, including the capture of wanted Iraqis in the months following the 2003 invasion of Iraq, including the Ba'ath Party Regional Command Chairman and the "King of Diamonds" on the CENTCOM "deck of cards", Aziz Salih Al-Numan.

They also range from travel experiences of agents posted around the world to lighthearted employee profiles and "Practical Jokes and April Fools" on 1 April.

Al five countries on the long-standing intelligence-sharing network - New Zealand, Canada, Britain, the United States and Australia - were on the newsletter distrubution list.

The Government Communications Security Bureau (GCSB)'s spy base at Waihopai, near Blenheim.

The Government Communications Security Bureau (GCSB)'s spy base at Waihopai, near Blenheim. Photo: SUPPLIED

The 13 August newsletter gave NSA employes details about "Second Person Liaisons" carried out by Special US Liaison Officers (SUSLO).

Their job was described as being "senior representatives to Second Party countries" and responsible for the "continued effectiveness of cryptologic collaboration" between NSA and its partners.

The newsletter said these liaison officers were in daily contact with the partner countries. One of those was SUSLO Canberra, who also handled dealings with New Zealand.

It also said each Five Eyes country had a senior liaison officer of its own based at the NSA, with the New Zealand Liaison Office (NZLO) representing the GCSB.

On 19 May, the newsletter talks about preparations being "in full swing" for the international SIGINT conference "Creating Opportunities for Collaboration", which was held at NSA.

Included in the opening address was a speech from SIGINT Development Leaders from each Five Eyes country, including New Zealand's GCSB.

Workshops at the conference included: Convergence/Cross Media Chaining, Network Analysis, Follow the Money/People/Goods, Target Templating, Social Network Analysis, Skills & Training.

In November, there was a reference to the remit of the Joint International Topics Cell being expanded from a "bi-lateral agreement supporting counter-terrorism" to a "Five Eyes collaborative effort covering additional transnational problems: counterproliferation and international crime and narcotics".

Mr Hampton said the release of the newsletters was just the latest attempt to undermine the agencies.

"The world unfortunately is a less safe place as a result of the disclosures ... primarily because it has hastened the move of terrorist organisations to move to full, end-to-end encryption.

"They were going that way but somewhat ironically, we now have terrorist organisations that are as cybersecurity savvy as government organisations, and that is a real concern."

The new role

Just five weeks into this job, Mr Hampton has had plenty of experience in the public sector, most recently at the State Services Commission.

He said it was "entirely appropriate" the head of the GCSB should be accessible, and accountable to Parliament and the public.

"The public definitely needs to know where its dollars are spent, the public definitely needs to be reassured that an organisation that has the intrusive powers that we do is always acting within the law and within the public interest, so it's something I'm very comfortable with."

Following the review carried out by Sir Michael Cullen and Dame Patsy Reddy, the government has been considering a proposal to draft one Act to govern both the GCSB and the Security Intelligence Service (SIS), and free up the GCSB to be able to intercept New Zealanders' communications.

Mr Hampton said he could not comment specifically on the proposal because it was still with ministers.

But he did say the current law sometimes made it difficult to carry out one of the GCSB's functions - to assist other agencies. He said this needed to be appropriately authorised and supervised.

"Sometimes there are challenges in working effectively with other agencies because our laws don't match up that well."

He said one example could be where a New Zealander is lost overseas.

"And unless either Defence or the police forces or the SIS had some legal authority we would not be able to help track that person down by seeing where they had last made their cellphone call.

"So, yes, things like that are limitations on our ability to act in New Zealand's national interest."

But the job of the GCSB was to implement the law as it was now, not as it possibly would be in the future, he added.

Protecting NZ companies

Mr Hampton also said the GCSB had an important role to play in protecting strategic New Zealand companies, such as export companies and people who run infrastructure, other "economic generators", and government agencies from cybersecurity attacks.

Hacker, cyber attack, (File photo)

Photo: 123RF

He said the primary tool was the Cortex system, which can be used only under warrant from the responsible minister and the Commissioner of Warrants, and with the consent of the company or organisation.

"Essentially what it is is a series of overlapping services which together screen the internet traffic of those organisations for very advanced, normally foreign-sourced forms of malware."

There has been debate about the privacy of the staff of those companies and agencies where Cortex is used, but Mr Hampton said one of the conditions of use was that staff and customers were informed their communications could be accessed for cybersecurity reasons. However they were not told specifically that it was Cortex.

And he said most of the screening was done by machines, not people, except in the occasional instance where an alert went up and a potential threat needed to be investigated.

Mr Hampton also said one of the key benefits from the Five Eyes alliance was that partner countries provided a lot of information about the cyber threats and malware they were facing, which could help New Zealand to avoid those potential threats.

Get the RNZ app

for ad-free news and current affairs