Snowden and New Zealand

10:00 May 15, 2014 126

Until this week, relatively little published from Edward Snowden's trove of NSA documents has concerned New Zealand and its specific role as a "Five Eyes" intelligence partner. Kim Dotcom's lawyers have revealed to us more of our own security business than Snowden has.

But yesterday, Snowden's journalistic ally Glenn Greenwald released another tranche of documents, alongside his new book on the Snowden story, No Place to Hide. And finally, we're in the picture. David Fisher summarised some of the key points (from yet another Powerpoint presentation, in this case for a Five Eyes conference in 2011) thus:

* our GCSB spies were shown instructional slides on how to operate the X-Keyscore surveillance program which trawls mass harvested email addresses, phone numbers, online chat, web-based email and attachments sent;

* they were privy to diplomatic espionage by other Five Eyes partners, including spying which was Canadian spies capturing the emails, text messages and phone calls between the Brazilian president and her aides;

* they were briefed on the NSA's efforts to deliberately put backdoors into private companies' computer networks;

* and the were given access to a program called "Homing Pigeon" which allowed in-air communications on passenger jets to be monitored.

One NSA document tells New Zealand and its other "Five Eyes" intelligence partners the ambition is to "know it all", "collect it all", "exploit it all" and "partner it all".

It's going to take a while to read, let alone analyse the significance of the new documents, but this slide on Five Eyes' "New Collection Posture" makes for an interesting start:

How does "sniff it all" sit with this assurance last week from GCSB director Ian Fletcher?

He also offered an assurance that neither the GCSB or any foreign agency was engaged in the mass collection of metadata or information about New Zealanders' communications which can be sifted for patterns that might point to areas of interest for authorities.

"We don't do that stuff. It's important to keep on saying that."

He also offered an assurance that neither the GCSB or any foreign agency was engaged in the mass collection of metadata or information about New Zealanders' communications which can be sifted for patterns that might point to areas of interest for authorities.

And how exactly does "partner it all" describe the relationship between the GCSB and foreign intelligence agencies and what information is deemed appropriate to share? How does "share it all" tally with John Key's assurance that the GCSB does only "limited sharing" with the other agencies?

The problem here, as it was with the very first Snowden story, is that we're trying to derive meaning from a Powerpoint slide full of slogans and jargon. We're not going to get the answers by just looking at slides.

By coincidence, this week the GCSB and the National Cyber Security Centre (NCSC) released their "guidance" for New Zealand network operators, which sets out the expectations under the Telecommunications (Interception Capability and Security) Act, which passed last year. Among other things, the agencies will effectively have a say over network design:

Network operators must notify GCSB when changes to their networks are proposed and GCSB may need to be involved ahead of any network infrastructure purchases.

One obvious motivation for such a requirement would be to avoid the danger of compromised infrastructure. But if GCSB has been briefed on NSA's own efforts to compromise commercial network products, has it -- or would it -- waved through software or hardware it knows to contain such a backdoor?

Efforts by Britain's GCHQ to develop malware to compromise personal computers (and, among other things, turn on their cameras and microphones) were the subject this week of a legal challenge from Privacy International. And American legislators are this week pushing back against language in the bizarrely-named USA Freedom Act that seems to allow the NSA to exploit vulnerabilities it finds in software, without revealing them to vendors or the public.

There's an obvious hook in the documents for Australians. Their security agency explicitly asked the NSA to spy on Australians of interest. Few Australians are going to object to the surveillance of known or even suspected terrorists. They would be justified in wanting to know some more about where the boundaries lie.

Wired has an interesting precis of Greenwald's account of the fairly messy way the Snowden documents first made their way to the headlines. Greenwald himself hasn't come off entirely well in other published narratives so it's useful to have his version in detail.

This is clearly going to take a while to unwind. But these things seem important for us to talk about.

The documents released yesterday are here, bundled into a 12.9MB PDF.

126 responses to this post

First ←Older Page 1 2 3 4 5 6 Newer→ Last

Rob S, 10:25 May 15, 2014

Too messy.
Too complicated.
Nothing to see here, move along
More handwavium from that nice Mr Key.
Where's my tax cut?
I can't see this issue going anywhere, would like to be proved wrong of course but very much doubt it.
Followed by weary sigh.

Since Apr 2010 • 136 posts Report
Tom Semmens, 10:40 May 15, 2014

Fletcher also said:
"First of all it would be illegal if we were doing that and we don’t act outside the framework of the law, that’s a really important point to start with”.
Which sadly when spoken by an intelligence chief of a five eyes nation nowadays simply brings to mind the old observation that the Nazis never acted outside the framework of the law, either.
"The kind of security I am referring to is not censorship, nor really anything to do with content. Rather it is the kind of framework of law and order, supporting our ability to go about a lawful business, which we have built up so painstakingly and painfully in the analogue world, really since civilizations began."
Which sound awfully like justifying the use of surveillance allowed under anti-terror laws to chase copyright and intellectual property criminals, whom presumably our little Yankee lap dogs are more than happy to re-designate as terrorists. After all, you send a squad car to arrest a copyright infringer who fails to appear in court after a summons. You launch a helicopter raid on a terrorist’s mansion.
Anyway, I have absolutely no doubt our GCSB is as guilty of surveillance over-reach as all the other intelligence gathering agencies in the five eyes countries have been proved to be. The GCSB would never wanted to have been exempted from taking part in mass surveillance. Why would you trust their denials now? The British and Americans and Canadians lied repeatedly about their spying, lying then constantly exposed by Snowden’s revelations. They are all part of the five eye hive mind, behaving like a federation of deep states. If there is one thing we know about the culture of our intelligence community and their minister it is they all desperately want to be in the United States cool kids club. I have zero doubt that Fletcher’s words contain (for him at least) some sort of mendacious weasel words rationale that will allow to claim he wasn’t lying when the truth comes out. And it will come out, eventually. In a democracy you can't keep all the spooks silent all the time. Just ask Edward Snowden.

Sevilla, Espana • Since Nov 2006 • 2217 posts Report
Stephen R, 10:47 May 15, 2014

If I think about TICSA too hard, it just makes me sad.
Discussing it at home last night, we decided that basically it was going to mean the GCSB mandating use of routers/Network configurations that were compromisable by the NSA or GCSB. I'd bet that if a network provider found a way to firewall off any command/control signals from outside their network, the GCSB would tell them to stop.
There doesn't seem to be a way to avoid being observed, sorted, classified and profiled without giving up on modern life.

Wellington • Since Jul 2009 • 259 posts Report
Andrew E, 10:56 May 15, 2014

One possibility that should be considered is how agencies define 'collection'.
The plain English sense of the word, gathering and storing for future retrieval, is not necessarily the meaning of the word as used by these agencies.
They define 'collection' as when a human being looks at material that's been vacuumed up by automated systems. See this piece by the EFF.

174.77 x 41.28 • Since Sep 2008 • 200 posts Report
Kumara Republic, 11:01 May 15, 2014

And in a very timely fashion, there's the Internet Party's "Smile for the GCSB" advert smack bang on this very page.

The southernmost capital … • Since Nov 2006 • 5446 posts Report
kevinM, 11:02 May 15, 2014

My takeaways:
Given the capabilities listed, and the volume of events captured, it's almost impossible to believe that lots of data about NZ citizens was not recorded.
As Tom has suggested, there's a smugness and arrogance in the slidepacks that deeply disturbs me. The Yanks and the Brits and the Aussies have overreached their legal powers and lied about it and been caught. While I would like to believe that our own spooks are squeaky clean, I think that Ian Fletcher is deliberatly misleading us, if not flat-out lying.
It's quite clear from the documentation that thees capabilities are being used for diplomatic advantage and financial advantage of US corporations.

Wellington • Since May 2014 • 6 posts Report
Russell Brown, in reply to Kumara Republic, 11:04 May 15, 2014

And in a very timely fashion, there’s the Internet Party’s “Smile for the GCSB” advert smack bang on this very page.
I know, right? I knew their candidate intake closed yesterday and I was wondering how they'd swap out their campaign. And then I published the post and saw it :-)

Auckland • Since Nov 2006 • 22850 posts Report
Paul Campbell, 11:20 May 15, 2014

“Oh yeah!
Put money, National Interest, and Ego together, and now you’re talking about shaping the work writ large.
What country doesn’t want to make the world a better place .... for itself?”
page 96 in the PDF, kind of says it all
page 32 shows where all our packets are intercepted

Dunedin • Since Nov 2006 • 2623 posts Report
Steve Barnes, 11:25 May 15, 2014

has it – or would it – waved through software or hardware it knows to contain such a backdoor?
From The Herald article which you quoted... Snowden docs: GCSB links to US spying programmes
* they were briefed on the NSA's efforts to deliberately put backdoors into private companies' computer networks;
"Has it or would it?" well, the answer to that is "Hell yes" and Xion Qui would know that, even though he would "reject that accusation" or call it "More nonsense from the loony left" or some such twaddle as he is prone to do.
It seems all this bunch of power hungry greed heads just have to do is deny inconvenient facts and they go away.
The gullibility of the New Zealand public fills me with despair and anger, wake up sheeple.

Peria • Since Dec 2006 • 5521 posts Report
Idiot Savant, in reply to Stephen R, 11:30 May 15, 2014

There doesn't seem to be a way to avoid being observed, sorted, classified and profiled without giving up on modern life.
Vote out the spies?

Palmerston North • Since Nov 2006 • 1717 posts Report
bob daktari, in reply to Steve Barnes, 11:31 May 15, 2014

Wake up... and demand our spy services are closed down pending a fully independent review and possibly new entities formed that serve us not some foreign interests - I think we're safe from invasion or whatever the hell they protect us from in the interim

auckland • Since Dec 2006 • 540 posts Report
Andre Alessi, 11:32 May 15, 2014

By coincidence, this week the GCSB and the National Cyber Security Centre (NCSC) released their “guidance” for New Zealand network operators, which sets out the expectations under the Telecommunications (Interception Capability and Security) Act, which passed last year.
I'm interested in how this is going to work at a practical level. The guidelines themselves are quite broad, suggesting that if a network operator isn't sure whether a change is notifiable, they should contact the NCSC to check. This is going to result in a lot of notifications initially, at least until network operators iron out the process. (There is also no mention of timeframes, which could mean serious delays are on the cards for a while.)
For traditional telcos, notifiable changes won't be terribly frequent, but with VOIP services becoming more common, and with the flexibility (and corresponding ad hoc nature) of VOIP setups, I think we'll see notifiable events skyrocket in the next few years. Some providers will be good at notifying these events, but others won't even realize they need to.
I don't think exploitation of existing hardware/software exploits by agencies will increase under TICSA-if telcos are unaware of agencies using backdoors, there's nothing stopping them from fixing/patching them as soon as they become known in the industry, which is something that happens regularly. But installation of backdoors that network operators know about is the entire point of TICSA, so we'll see a lot more of that. Whether we see push back from network operators if they feel interception requests are too broad or too invasive...well, that's where things could get interesting.

Devonport, New Zealand • Since Nov 2006 • 864 posts Report
Hilary Stace, 11:33 May 15, 2014

Love the way the discussions on PA merge and overlap. Here is a young disabled political aspirant for the Internet Party writing in Stuff Nation

Wgtn • Since Jun 2008 • 3229 posts Report
Paul Campbell, 11:34 May 15, 2014

This whole "GCSB must approve all changes to your network" and "all your employees must receive a security clearance" worries me a lot - (does NZ actually have security clearances? I guess we'll all need them now).
I design telecommunications systems, will I get a GCSB minder to look over my shoulder all day in case I invent a system that the NSA can't break into?

Dunedin • Since Nov 2006 • 2623 posts Report
Andre Alessi, in reply to Stephen R, 11:41 May 15, 2014

Discussing it at home last night, we decided that basically it was going to mean the GCSB mandating use of routers/Network configurations that were compromisable by the NSA or GCSB. I’d bet that if a network provider found a way to firewall off any command/control signals from outside their network, the GCSB would tell them to stop
I'm confident that interception won't occur at that level, because it doesn't need to. There is a vast range of different equipment and protocols in use in NZ at the moment, and no way for any government to regulate it effectively. Interception will occur at someone's desk at your ISP, with your ISP's knowledge and agreement. This isn't a technology issue, it's a people issue.

Devonport, New Zealand • Since Nov 2006 • 864 posts Report
TracyMac, in reply to Idiot Savant, 11:41 May 15, 2014

So this was ALL implemented at the behest of National govts only? Hardly. Labour is obviously just as complicit.
As for the Greens, I don't have time to look, but do they have an anti-spy policy? For NZ's own citizens?

Canberra, West Island • Since Nov 2006 • 701 posts Report
Steve Barnes, in reply to Paul Campbell, 11:42 May 15, 2014

will I get a GCSB minder to look over my shoulder all day in case I invent a system that the NSA can’t break into?
Yes but you will be told it is just a pre-sales rep seeing how they can "help" you.

Peria • Since Dec 2006 • 5521 posts Report
Steve Barnes, in reply to TracyMac, 11:53 May 15, 2014

I don’t have time to look,
Therein lies a big part of the problem.
In a word where technology was sold to us on the basis that it would make our lives “better” and that we would have more leisure time, we actually find the opposite happening, we have less time, we are working our fingers to the bone just to end up with nothing but bony fingers.
Perhaps the real answer here is to not play their game, start writing letters to each other again, have more social gatherings and spend less time chasing the almighty dollar, wake up, use your noses to smell the roses and less for chasing “supposes”
He proposes as he poses then mosies to where he dozes…

Peria • Since Dec 2006 • 5521 posts Report
Paul Campbell, 11:54 May 15, 2014

Oh OK then, I'll just send him/her into the meetings with the others who argue vehemently over features no one will ever use, they'll disappear into meetings and never be seen again

Dunedin • Since Nov 2006 • 2623 posts Report
Russell Brown, in reply to Paul Campbell, 12:06 May 15, 2014

It’s a little fiddly finding these in the docs (the page numbering doesn’t correspond to actual pagination) so here’s the map of where our packets are intercepted (click to embiggen). Far out.

Auckland • Since Nov 2006 • 22850 posts Report
nzlemming, in reply to Paul Campbell, 12:09 May 15, 2014

does NZ actually have security clearances?
Not as the USA does, where you get vetted and it stays with you as an individual. Generally, security clearances apply only to staff of a government organisation and are the decision of the Chief Executive of that agency and only for that agency. For Restricted or Confidential, that's all you need. For higher levels (there are four - RESTRICTED, CONFIDENTIAL, SECRET and TOP SECRET) you may need to be vetted by the SIS. I'm not aware of how they manage this for individuals who are not government employees, but having a clearance at one agency doesn't mean you can see material at the same level at another agency, so I imagine non-employees are at the CE's discretion as well.
See Security in the Government Sector [pdf] on the SIS site for the mind-numbingly boring detail. [disclaimer - I didn't write it but I used to sit next to the guy that did]

Waikanae • Since Nov 2006 • 2937 posts Report
nzlemming, in reply to Russell Brown, 12:13 May 15, 2014

It’s a little fiddly finding these in the docs (the page numbering doesn’t correspond to actual pagination) so here’s the map of where our packets are intercepted (click to embiggen). Far out.
One does wonder where the redacted places are ;-)
Also, hardly surprised by Hawaii but hadn't thought about Indonesia, which might explain a few things...

Waikanae • Since Nov 2006 • 2937 posts Report
Idiot Savant, in reply to Paul Campbell, 12:15 May 15, 2014

(does NZ actually have security clearances? I guess we'll all need them now).
Yes - they're required for work in certain government positions (e.g. MFAT, Defence, spies, and some parts of Treasury, SSC, DPMC, police, customs, and immigration). There's a candidate guide here.
Requiring such clearance for appropriate government work is one thing. But demanding it of civilians who have nothing to do with the government (and potentially being able to shut down an entire business if they don't jump through your stupid hoops) is intrusive and onerous.
OTOH, if you don't want to play, just tell them that you're a drug-addicted communist wikileaks-supporter with huge financial problems who is cheating on your partner (that establishes three of the classic motives: Money, Ideology, Compromise). Problem solved.

Palmerston North • Since Nov 2006 • 1717 posts Report
Paul Campbell, in reply to Russell Brown, 12:21 May 15, 2014

yes those 4 blue circles (Singapore/Guam/Saipan?/Hawaii) hit every packet that can make it in or out of NZ/Australia

Dunedin • Since Nov 2006 • 2623 posts Report
Russell Brown, in reply to Idiot Savant, 12:22 May 15, 2014

Requiring such clearance for appropriate government work is one thing. But demanding it of civilians who have nothing to do with the government (and potentially being able to shut down an entire business if they don’t jump through your stupid hoops) is intrusive and onerous.
Many people in telecommunications are very unhappy about all this. Understandably.

Auckland • Since Nov 2006 • 22850 posts Report