Hard News: Key Questions
177 Responses
First ←Older Page 1 … 3 4 5 6 7 8 Newer→ Last
-
Steve Barnes, in reply to
It isn’t responsible for the security of any of the systems you just listed.
Why not? That is just stupid, what the hell are they for then?.
"Government Communications Security Bureau, We are here to do nothing of the sort" -
Matthew Poole, in reply to
Well, for one thing, all government agencies are responsible for the security of their own systems; GCSB is only responsible for ensuring the security of GCSB systems. GCSB publishes guidelines (NZ Infrastructure Security Manual, or NZISM) which are required to be followed by agencies that handle classified material. NZISM sets out the rules (“must”, “must not”, “should”, etc) that networks and systems handling the different levels of information classification need to meet. GCSB also assesses and certifies cryptographic equipment for use in networks that transmit classified material between security zones. That’s it. They don’t go around and assess the security of every government agency’s IT systems, and they don’t even have the authority to demand that every government agency adhere to NZISM (for one thing, NZISM is only really useful if your agency handles classified material). GCSB is to information security in the national security public sector what NZSIS is to physical security: advisors, and publishers of guidelines. The agencies themselves are required to implement and comply with those guidelines, though they can ask for advice from the appropriate intelligence service.
Plus, if people are wigging out about GCSB gathering intel on behalf of other agencies’ warrants, imagine how they’d feel if GCSB spooks were poking around inside every single government agency’s IT systems!
See the Act if you want to know the GCSB’s objective and functions. They're not what you seem to think.
-
OK totally dumb question - the law has been broken 85 times - I'm told ignorance is no excuse - there will be 85 charges laid with the courts right?
-
Matthew Poole, in reply to
56 times, I believe. 88 individuals. And I would expect representative charges rather than 56 individual counts, if that were to be pursued. The Greens (or maybe Mallard) may be considering laying a complaint with the police, in the same vein as was done regarding Dotcom, but I can't see the cops proactively sticking their noses into the matter. Whether that's a good thing or not is a totally different question.
-
Rich of Observationz, in reply to
GCSB derives it's name from GCHQ (Government Communications Headquarters) which was created as a cover identity for the UK's codebreaking organisation (a more obscure one that the former Government Code and Cypher School).
I don't think Bletchley Park had much involvement in actual government communications (provided in those days by the GPO and the Signals Corps/Admiralty) - those functions which actually fit the name were added as the organisation grew.
-
Rich of Observationz, in reply to
I'd note that Ireland (a country of similar size to NZ, which complies with international conventions and has somewhat larger security worries) subordinates its intelligence organisations to the police and military.
-
Matthew Poole, in reply to
Quite. Other than advising on InfoSec, GCSB is an electronic intelligence gatherer. They don't run human intelligence assets (that's NZSIS's role). And that ELINT background goes back to their origins out of GCHQ, which is also why GCSB is historically run by people with a military signals background.
-
Steve Barnes, in reply to
See the Act if you want to know the GCSB’s objective and functions. They’re not what you seem to think.
I read it differently to you and it seems plain enough that they are to
(provide) advice, assistance, and protection to departments of State and other instruments of the Executive Government of New Zealand in order to—
(i)
protect and enhance the security of their communications, information systems, and computer systems;
Also;
to co-operate with, or to provide advice and assistance to, any public authority or other entity, in New Zealand or abroad,—
(i)
on the protection of information that the public authority or other entity produces, sends, receives, or holds in any medium; or
(ii)
on any matter that is relevant—
(A)
to the functions of the public authority or other entity; and
(B)
to any purpose specified in subsection (2).
(2)
The Bureau may perform its functions only for the following purposes:
(a)
to pursue its objective:
(b)
to protect the safety of any person:
(c)
in support of the prevention or detection of serious crime.
(3)
The performance of the Bureau’s functions is subject to the control of the Minister.
That "to pursue its objective:" bit is very loose, like saying "and they can do whatever they want.
-
Matthew Poole, in reply to
Whether or not you read it differently to me is kinda beside the point. What matters is how it gets interpreted in practice, and in practice they do the things I said. Also, the Act doesn't empower them to take over other agencies' responsibility for their own security, and that's perfectly clear in any interpretation. So regardless of what you think the Act does or doesn't allow them to do, they have no responsibility for the security of any of the networks you listed because not a single one of them is run by or for GCSB.
-
Steve Barnes, in reply to
What matters is how it gets interpreted in practice,
Indeed. It seems that the interpretation is somewhat misused when it suits them.
-
Sacha, in reply to
I’m questioning the existence of intent that GCSB be forbidden to assist other domestic agencies
I don't have a well-informed opinion yet. Imagine the complexity will be conveyed as this unfolds.
-
Intent doesn’t beat plain meaning of the statute: “take no action” is pretty unambiguous. (And ambiguity should be interpreted against the Crown in these cases.)
Looking at Hansard to determine the limits of a law restraining the Crown is, uh, close to being constitutionally bankrupt.
-
Matthew Poole, in reply to
Not arguing that GCSB didn't break the law, Keir. Just arguing that it's not obvious that Parliament intended that GCSB not assist other agencies, and pointing out that someone is going to have these capabilities even if it's not GCSB. If the resolution to the current situation was that GCSB was informed in absolute terms that it does not, ever, in any circumstances, spy on NZ citizens and residents, the outcome would be that NZSIS and the Police will seek funding to establish the capability to which they've just lost access. Anyone who thinks that won't happen is, I suggest, as naive as Russell Norman with his assertion that we don't need any intelligence services whatsoever.
-
DexterX, in reply to
Not arguing that GCSB didn't break the law, Keir. Just arguing that it's not obvious that Parliament intended that GCSB not assist other agencies, and pointing out that someone is going to have these capabilities even if it's not GCSB.
The assistance to to ehr agencies is a smokescreen - as to intention Keith Locke is quite clear on what the intention was - the Citizen A post on you tube with Keith Locke
-
and Russell Norman yesterday.
-
Keir Leslie, in reply to
But fundamentally, parliamentary intent is a fiction for the interpretation of Acts. I am saying that you don't need to look to Hansard to determine Parliament's intent, because the Act is clear. It is entirely possible that certain Members of Parliament had different intents. That doesn't matter: Parliament's intent should be derived from the words of the statute in the first instance, and then from other sources if the statute is unclear or ambiguous.
I also don't see why it's impossible to think that a duplication of function might be intended: we often duplicate functions in an teempt to restrain the powers of the state.
-
Rob Stowell, in reply to
the outcome would be that NZSIS and the Police will seek funding to establish the capability to which they’ve just lost access. Anyone who thinks that won’t happen is, I suggest, as naive as Russell Norman with his assertion that we don’t need any intelligence services whatsoever.
‘Just lost access’ implies this has been a regular- and necessary occurrence. I don’t agree. It’s not necessary or justified.
And I’m with Russel Norman on the SIS.
Can anyone come up with a situation where the SIS has done marvellous, nation-enhancing work? Not me.
On the other hand, I’m sure they had a pretty big file on my dad, because he was involved in setting up the CND here. Terrible man. Even got involved in protesting!
But that’d be nothing to the files they had on Elsie Locke, Keith Locke’s mum. She was a terrible communist, historian and central in setting up the CND. And when she wasn’t busy writing children’s books, she was a fearless campaigner for peace.
I’m afraid that’s my measure of the SIS- an organisation that saw Elsie Locke as the nation’s great enemy, and spied on her and her friends and associates.
You bet we can get by without them. -
DexterX, in reply to
You bet we can get by without them.
Yes - but "they" don't feel they can't get along without "it".
The situation, as it has evolved, is that the Prime Minister can, for the purpose of retaining office or other ill, use the spy services to keep tabs on people, influence their action and interactions with others, and interfere with their lives and adversely influence or close out the voice of reason and dissent.
I don't feel it is chance that Key is at the centre of this as it unravels (via the Kim Dot Com Fiasco)
A key element of this Key Government is the series of fiascos in most facets of government - a continuum of incompetence and cover-ups.
The SIS, the Police and the FBI using the GCSB for illegal purposes.
The Courts when interpreting legislation do at times consider the “intentions of the house” where matters are unclear – however in the context of the GCSB Act there is no lack of clarity about not spying on NZ Residents or Citizens.
The Benefit of MMP is we have a minor party that has the opportunity to hold the government to account and perhaps the house as a whole can work to resolve the issues.
-
Matthew Poole, in reply to
‘Just lost access’ implies this has been a regular- and necessary occurrence. I don’t agree
You don't agree that it's been regular? Or that it's been necessary. Kitteridge's report suggests this "service" has been available to and used by other agencies for considerably longer than the 2003 Act has existed.
Necessary? That's back to arguing that we don't need intelligence services or the ability for the police (at the very minimum) to monitor the communications of those who may wish NZ harm. I, personally, do not subscribe to the Keith Locke school of thinking that NZ lives in a totally benign environment in which the only threats to NZ come from our intelligence services' existence.Nobody has answered my question about replacing GCSB with telco, either. None of you willing to engage in that particular logical exercise?
-
Rich of Observationz, in reply to
It would be possibly to adopt the Irish model of having intelligence functions within the police and defence force.
This would have numerous advantages:
- there would be a clear demarcation between action against criminality and military threats. (The Defence Act requires that assistance by the Defence Force is authorized by the PM and that there is an emergency).
- the police have an imperfect regulatory process through IPCA, but at least they have that process. They also have an accepted task of detecting and preventing crime and their work can be judged by this - investigations are expected to either end in prosecutions or be dropped when no crime has been detected.
-
Rob Stowell, in reply to
I, personally, do not subscribe to the Keith Locke school of thinking that NZ lives in a totally benign environment in which the only threats to NZ come from our intelligence services’ existence.
Neither do I, and I'm pretty sure neither does Keith Locke :)
-
An interesting RFP just out on the GETS tender list . The Prime Ministers Dept "Security Sector Professional Development Programme " . A tender looking for " an innovative supplier to provide a professional development programme for executives and senior officials within the security sector. The focus of the programme is to equip officials with the knowledge and skills required to deal with the myriad of security challenges that threaten New Zealand’s wellbeing and prosperity."
Looks like they are trying to up-skill a lot more senior officials around National Security.
Whats going on here then ? -
Matthew Poole, in reply to
I’m pretty sure neither does Keith Locke
Doing away with any external intelligence function speaks to a firm belief in a very, very benign threat environment. It completely excludes, for example, the belief that corporate espionage is in any way a risk to NZ.
As another example, we'd be utterly reliant on the US and Australian stance on Huawei equipment without the in-house knowledge of GCSB. The Royal NZ Corps of Signals don't have the capacity to evaluate that threat, and nor is it any part of their core duty to have that capacity. Personally, I'd rather we weren't reliant on vested corporate interests to assess threats to our telecommunications infrastructure, and the irony of Locke wanting GCSB disbanded is that it would have a consequence of forcing NZ to rely on US and Australian intelligence assessments of such matters. -
Rich of Observationz, in reply to
If a supplier puts an undeclared back door into a device allowing unauthorised access, that's probably an offence under s216 or s249 of the Crimes Act and would be a police matter. So it should be for the police to look at this.
It isn't an act of war, despite all the popular wank fantasies about "cyber-warfare" and thus isn't a defence force concern.
(Open source infrastructure would avoid the problem completely)
-
Matthew Poole, in reply to
If a supplier puts an undeclared back door into a device allowing unauthorised access, that’s probably an offence under s216 or s249 of the Crimes Act and would be a police matter. So it should be for the police to look at this.
Yes, and once a threat to our national communications infrastructure has been rolled out widely and is in use (probably has been used, putting us really deep in the poo), we'll send the police to a foreign country to affect the arrest and prosecution of those naughty government officials who fomented such mischief.
Post your response…
This topic is closed.