Friday, November 6, 2015

Security Intelligence Community say 'must finish what we have started'

This week brought us not just one but three reports from the ‘intelligence community’.

First there was the annual report of the Inspector General for Security and Intelligence (IG), Cheryl Gwen. It is pretty damning, and echoes many of the criticisms raised in the State Services 2014 review of the intelligence community, especially regarding the SIS.

The IG's annual report was covered on stuff, but there is a better analysis on No Right Turn. The report is littered with findings like this:
In the course of these inquiries, I identified systemic shortcomings in the procedures followed by the NZSIS. […] The process of preparing and finalising those reports has been more protracted than I would have wished because of the time required for my office and for NZSIS to work through the systemic issues that I had identified.
And it culminates in this conclusion:
As noted above, the Service lacked a compliance framework and policy, audit framework and dedicated staffing throughout this reporting period.[...] For those reasons, I cannot conclude that NZSIS had sound compliance procedures and systems in place.
Note that the innocent sounding word ‘compliance’ means nothing less than the organisation operating within the law. 

As if to counter the impression of an out of control organisation a reader would get from this report, a quasi-internal review by the SIS which had concluded in July was declassified a few days after the release of the IG’s report. It comes to the almost opposite conclusion:
The reviewer did not find any evidence of (nor was given any reason to believe there was) significant non-compliance within NZSIS.
So everything is OK then? Maybe Cheryl Gwen is a bit too critical. Or maybe Rebecca Kitteridge is a lot less concerned about these things now that she is actually responsible for the SIS than she was in 2013 when she reviewed the GCSB. Her report back then read very similar to Gwen‘s report about the SIS does now. Sometimes the best way to shut critics up is to put them in charge.

A lot of the criticism of the SIS in the annual report by the IG is around security vetting. This is when someone applies for a job and has to pass a security clearing, which is done by the SIS. The report states that “the assessment of security clearance candidates is a significant aspect of the NZSIS’s functions. There are, at any given time, some thousands of people who require New Zealand government security clearances in order to retain their employment. Staff responsible for security clearance assessments comprise approximately a quarter of the NZSIS.” The IG investigated this area because of four complaints she had received from people who had either missed out on a job offer or had lost their job as a result of a negative security assessment by the SIS. It is likely that there are a lot more cases out there who didn’t bother complaining or never knew they failed a security clearance.

According to the report, there are three things the SIS has to do in the vetting process: “obtain all available relevant information”, “analyse all of that information” and “disclose all adverse information … to the candidate and give the candidate an opportunity to respond”.

That sounds easy enough, yet the report found that “NZSIS did not always obtain all reasonably available information”, that it “did not generally take steps to investigate possible bias (positive or negative) towards a candidate”, and that it “did not disclose adverse information or inferences to candidates for response.”

I.e. it did none of the three things it was required to do properly, despite a quarter of its staff being tasked with this.

Another area of concern was that of political neutrality, which appears to be a foreign concept at the SIS. This became public in the fallout of the ‘Dirty Politics’ saga, during which the SIS expedited an Official Information Act Request by Cameron Slater, while dragging its feet on similar requests by people who are not friends of the Prime Minister.

This had already been the subject of an inquiry by the IG in November 2014. Back then she found that the “Director and senior staff of the NZSIS […] failed to recognise the gravity of the controversy”, i.e. they didn’t even understand what all the fuzz was about.

The report now states that, as a result:
The position of NZIC Private Secretary has been established in the office of Hon Christopher Finlayson (as Minister in Charge of the NZSIS and Minister Responsible for the GCSB). The Private Secretary has been provided with State Services Commission’s written guidance on political neutrality. In addition, the SSC has provided a mentor to the NZIC Private Secretary.
A politician has been put in charge of teaching SIS staff how to be politically neutral. Surely, nothing can go wrong now.

So staff who have absolutely no awareness of what political neutrality means have for years been in charge of determining people’s security clearance, a process that decides who gets a job in the public service. They probably don’t know what the word nepotism means either.

With all this criticism being aired, someone probably thought it necessary to remind the public why we so desperately need these agencies, and declassified a year-old ‘top secret’ briefing to the incoming PM and the Minister in charge of the SIS and responsible for the GCSB.

This extraordinary document, authored by Howard Broad, Ian Fletcher and Rebecca Kitteridge, is well worth a read – it is revealing on many levels.

It is apparently aimed at a primary school audience and includes insights like “the internet doesn’t work like a telecommunications system, but more like an ocean of data with almost no respect for international borders.”

The briefing starts by listing the “six security problems that you [the PM] should really worry about”:
  • Violent extremism
  • Loss of information and data
  • Hostile intelligence operations in and against NZ
  • Mass arrivals
  • Trans-national organised crime
  • Instability in the South Pacific
No doubt John Key has never before thought about any of that. It then asks “what does the intelligence community actually do?” - also a pretty important thing to know for the Minister in charge of these agencies, so in their 'top secret' brief they make it clear:
  • Help keep Kiwis safe (NB. this is not to be confused with the DOC 'Save Kiwi' campaign)
  • Help protect and grow the economy
  • Provide foreign intelligence and assessment
The briefing is a textbook example of how bureaucrats manipulate politicians. Hidden amidst all the trivial flattery are a few sentences that contain the actual agenda. One of them is this, referring to the agencies’ continuing push for law changes: “we need to finish what we have started, but there is much more to do.”

Another one is this, which explains why we have been hearing so much from the SIS and GCSB in the last few months:
The statutory review of the intelligence agencies, their legislation and the oversight arrangements must commence before 30 June 2015. The Government response to that review should provide a sound basis on which to develop new legislation. We also see this as an opportunity to help build public trust and confidence.