It also seems unusual that the Prime Minister, the minister responsible for the GCSB, would not even have known who Dotcom was until January 19, the day before the raid on the Dotcom mansion. But no one can prove otherwise.
And that's the fundamental problem with secret agencies: the secrecy necessary for them to do their jobs effectively also protects their mistakes and abuses of power.
No, but telling the world stuff that harms the defence of NZ is part of it if it's likely that al Qaeda or some other such group got to see that stuff.
Nope. The closest you can get is "assist[ing] an enemy at war with New Zealand, or any armed forces against which New Zealand forces are engaged in hostilities". Which requires something more than spook paranoia about some vague harm at some undefinable time in the future.
That does not mesh with the wording of the section. "Official information" does not have to be held by "an organisation" to be covered, and the definition of what constitutes official information is very, very broad. The IGSI and the ISC are both covered.
Shall we look at it? Are IGSI or ISC...
...a "Department"? No
...a Minister? No
...an "organisation"? No
...employees of a Department or organisation? No
...independent contractors of a Department, Minister or organisation? No
...an unincorporated body established by a Department, Minister, or organisation? No
As a result, no information held by them is "official information". It cannot be requested under the OIA (you are of course welcome to try; let me know in 20 working days how you got on), but the consequence of importing OIA definitions and exclusions into the Crimes Act also means that leaks from those bodies can never be prosecuted. Which is why Peter Dunne was never charged: because he had committed no crime.
(This is also why SIS and GCSB are subject to the OIA. Because if they weren't, their secrets would have no legal protection whatsoever)
unless the government decides to try you for treason.
Treason in NZ has a very specific meaning. "Telling the public stuff the government doesn't want them to know" is no part of it.
To be breaking NZ law you must “knowingly or recklessly, and with knowledge that [you are] acting without proper authority, communicate any official information or deliver any object to any other person knowing that such communication or delivery is likely to prejudice the security or defence of New Zealand”.
And in that, the term "official information" is crucial. Official information is information that is "held by" the government - that is, it originated with them, and has not been made public. If you have a non-NZ government source e.g. a Snowden leak, then its not "official information" and you can distribute it as much as you like.
"Likely to prejudice the security or defence of New Zealand" is also a far higher bar than it sounds. The Court of Appeal has interpreted similar language in the OIA, and requires it to be "a serious or real and substantial risk... a risk that might well eventuate". Ordinary spy paranoia "but this is super-sekrit!" doesn't count.
And if the body whose information it is isn't covered by the OIA e.g. the Inspector-General of Security and Intelligence, or the Intelligence and Security Committee - then its not "official information" and its total fair game.
(There are other branches to the offence. Both involve "official documents", so don't forbid disclosure of content. One also requires "intent to prejudice the security or defence of New Zealand", which again is pushing shit uphill territory).
Basically: if you're a security-cleared ISP employee, its only an employment issue, unless you're distributing actual copies of government-originated documents with intent that they be used to bring down the Net 9as opposed to "stop the spooks from being jerks")
does having a security clearance legally require you to keep secrets? can the existence of a bug that the NSA is actively exploiting be declared a state secret? even one in my own code?
No.Security clearances have no statutory force. Ultimately they're simply an employment issue.
There is a summary offence of http://www.legislation.govt.nz/act/public/1981/0113/latest/DLM53565.html?search=ta_act_S_ac%40ainf%40anif_an%40bn%40rn_200_a&p=1, and a crime of Wrongful communication, retention, or copying of official information. Neither has to my knowledge ever been used, and the government would be pushing shit uphill (both politically and legally) to try and mount a prosecution for either of a public-interest leak.
Edit to add: And if the bug is in your own code, they're screwed, because the law relies on "official information" and "official documents". If its your code, or if you discover the document independently, its neither, provided you are not working for the government at the time.
they could, I suppose, classify a document as “Public” and refuse to let you see it on the grounds that it is “classified”.
Nope. The OIA doesn't care about what labels agencies stick on documents. Instead, they would have to claim that release would prejudice the security and defence of New Zealand (or whatever), but that doesn't automatically follow from classification.
My guess is the real reason for having someone with a security clearance is so that the GCSB has someone in place in every ISP to use when the time comes to start tapping someone aggressively, they also need someone they can tell "don't fix that bug, we're using that"
Clearance doesn't mean obediance, and I would hope that any sysadmin in the latter case would immediately post the demand all over the internet. But I guess the point of requiring security clearance in the first place is to weed out such people from such positions.
On the subject of security clearence. We used to have the "Official Secrets Act" enacted in 1951, repealed? dunno.
Repealed by the OIA over 30 years ago.
They're already drowning in their own paperwork. A few years ago SIS took years to grant a security clearance (and they didn't do it right - remember this guy? SIS gave him a clearance).