Story image

Key "sets record straight"... Rubbishes mass surveillance claims

16 Sep 14

Prime Minister John Key has corrected what he calls "misinformation" concerning the operations of the Government Communications Security Bureau.

“Claims have been made that are simply wrong and that is because they are based on incomplete information,” says Key, speaking following Kim Dotcom's publicised 'Moment of Truth' event in Auckland last night.

“There is not, and never has been, a cable access surveillance programme operating in New Zealand.

“There is not, and never has been, mass surveillance of New Zealanders undertaken by the GCSB.

“Regarding XKEYSCORE, we don’t discuss the specific programmes the GCSB may, or may not use, but the GCSB does not collect mass metadata on New Zealanders, therefore it is clearly not contributing such data to anything or anyone."

Key says he "setting the record straight" because he believes New Zealanders "deserve better than getting half of a story, embellished for dramatic effect and political gain, and based on incomplete information."

“The GCSB undertakes cyber security operations to protect individual public and private sector entities from the increasing threat of cyber-attack and this is very important work," he adds.

“It does not, however, remotely resemble what has been claimed."

Key claims the GCSB’s cyber security operations occur within its legal framework and only when the following conditions are met:

* Each entity must provide individual legal consent to be protected by the GCSB;

* The independent Commissioner of Security Warrants must be satisfied each individual case is within the law, and a legal warrant must be co-signed by the Prime Minister and the Commissioner;

* Warrants are subject to a two-step process, as outlined by the Prime Minister when legislation was passed last year.

A warrant is required for high level cyber protection for an individual entity, and the content of a New Zealander’s communications cannot be looked at by a GCSB employee unless a specific cyber threat is identified which relates to that communication.

If that is the case, the GCSB must return to the Prime Minister and the Commissioner to make the case for a second warrant in order to access that communication.

In addition to this, Key claims the Inspector General of Intelligence and Security has "substantially stronger powers to monitor the GCSB’s activities and ensure they are appropriate and within the law."

“Our cyber security programme began operating this year after a lengthy process of assessing options for protection,” Key adds.

“The process began in late 2011 when the GCSB made it clear to me that cyber-attacks were a growing threat to our country’s data and intellectual property and the Government needed to invest in addressing that.

“The Bureau assessed a variety of options for protection and presented an initial range to Cabinet for consideration in 2012.

“These options ranged from the highest possible form of protection to a much weaker form of security, with some in between.

“The Cabinet initially expressed an interest in GCSB developing a future business case for the strongest form of protection for our public and private sectors, but it later revoked that decision and opted for what we have now – something known as Cortex.

“The business case for the highest form of protection was never completed or presented to Cabinet and never approved. Put simply, it never happened."

The Prime Minister also released declassified material, including a Cabinet minute to show what occurred.

“I can assure New Zealanders that there is not, and never has been, mass surveillance by the GCSB," he adds.

“In stark contrast, the Bureau actually operates a sound, individually-based form of cyber protection only to entities which legally consent to it."

Timeline...

3 April 2012 - Cabinet Minute (PDF3) shows Cabinet asks for business case on cyber security protection initiative.

September 2012 - It becomes clear there are issues with the GCSB’s surveillance of Mr Dotcom.

After this Rebecca Kitteridge is called in, problems with the legal framework and internal issues in the GCSB are identified through reviews.

March 2013 - PM tells GCSB not to bring business case forward. Informs GCSB it is too broad. Budget contingency funding will be rolled over and used for something else in cyber security.

September 2013 – Cabinet Minute (PDF2) shows formal rescinding of request for business case and notice of new, narrower project. The business case had been known only as initiative 7418 through the Budget process because of its classification.

July 2014 - Cabinet agrees to Cortex, a narrower cyber security programme. (Cab paper and minute PDF 1 and PDF4)

HPE promotes 'circular economy' for end-of-use tech
HPE is planning to show businesses worldwide that throwing old tech and assets into landfill is not the best option when it comes to end-of-use disposal.
This could be the future of ridesharing
When you hear the words ‘driverless vehicle technology’, the company Bosch may not immediately spring to mind.
2019 threat landscape predictions - Proofpoint
Proofpoint researchers have looked ahead at the trends and events likely to shape the threat landscape in the year to come.
InternetNZ welcomes Govt's 99.8% broadband coverage plan
The additional coverage will roll out over the next four years as part of the Rural Broadband Initiative phase two/Mobile Black Spots Fund (RBI2/MBSF) programme expansion.
Commerce Commission report shows fibre is hot on the heels of copper
The report shows that as of 30 September 2018 there were 668,850 households and businesses connected to fibre, an increase of 45% from 2017.
Dr Ryan Ko steps down as head of Cybersecurity Researchers of Waikato
Dr Ko is off to Australia to become the University of Queensland’s UQ Cyber Security chair and director.
Businesses in APAC are ahead of the global digital transformation game
“And it’s more about people and culture - about change management - along with investing in the technology.”
HubSpot announces fund for 'customer first' startups
HubSpot is pouring US$30 million (NZ$40 million) into a new fund to support startups that demonstrate ‘customer first’ approach of not only growing bigger, but growing better.