Opening Statement to the Intelligence & Security Committee
Thank you Mr Chairman, and good morning to the Committee.
This is of course my first time appearing before this Committee and I do so as Acting Director of the Bureau, and in my second week. I note that this is the second year in which this Committee has heard part of the Bureau and the NZSIS financial review in public. I make that comment because it links to a theme that I make in this short opening address to the Committee. That theme is that independent oversight of the Bureau's functions is a vital part of the system functioning in a democracy.
But, first, I must say that even in my short tenure in the office I have been impressed with what I have seen in terms of the calibre of the people in the Bureau, and the work they do for New Zealand – with a strong focus on the law and on compliance. I have seen auditable processes by which that oversight I have just mentioned can operate.
My sense is that I come to a Bureau in good heart, with good morale, as its people continue to work hard in a quickly changing security and intelligence environment to make a valuable contribution to protecting the national security of New Zealand, and New Zealand's international relations and economic wellbeing.
As Acting Director I aim to continue the valuable work already under way to increase the awareness and understanding of the GCSB and the value it delivers to New Zealand and New Zealanders. Our work is all about protecting and enhancing New Zealand's security and wellbeing and we do this in the three ways now set out in the GCSB Act:
- Information assurance and cyber security advice and assistance to the New Zealand Government and to critical infrastructure organisations. I have already been briefed on two examples of attempts against New Zealand entities since I started and the successful engagement of the Bureau with those entities to assist them.
- Foreign intelligence to Government to assist in decision making. Again, I have already seen provision of foreign intelligence to the executive.
- And, as in section 8C of our Act, we are also mandated to cooperate with and assist three other agencies: NZDF, Police and NZSIS.
My other goal is to continue the work already under way within the New Zealand Intelligence Community (NZIC) to work together to ensure collective impact for Government and therefore to New Zealand in what the intelligence agencies do. That is a matter which was covered in the Performance Improvement Framework review of the Intelligence Community. Of course, the agencies' core functions must be kept separate and the NZSIS and the GCSB have very different mandates and legislative controls. But there is risk in a silo approach to the delivery of intelligence functions across Government. The NZIC has commenced work, and a lot more work is needed, to ensure that the collective impact of the intelligence functions is enhanced.
Also, and in my first week, media attention on the Bureau's valuable work has raised a real and important tension. That tension is between New Zealanders' call for openness and transparency and the Bureau's need for secrecy around much of what we do. Can that tension be resolved? I think it can, but it requires an understanding of some fundamental issues.
In this business, transparency and openness is not a straight forward matter. We have to ensure that we do not inadvertently increase our vulnerabilities to people who do not have New Zealand's best interests at heart by revealing sources, methods or targets. We don't want people we're conducting foreign intelligence on, or defending computer networks from, to know that we are looking at them or how we're doing that. We don't even want them to know what we're capable of and what we're not capable of.
If people who do not have New Zealand's best interests at heart could identify, from our openness with New Zealanders, what we're capable of and what we're not capable of, or what we're doing or not doing, it gives them an advantage to change the way they are acting against our interests, or an insight into vulnerabilities in this country.
That would make the job that the Government and New Zealand expect us to do considerably harder, or even possible.
The tension is real. So, what's the answer? It lies in the real, independent oversight that is an integral part of the intelligence and security system. Whether it is by theInspector-General of Intelligence and Security or this Committee itself, or the Commissioner of Security Warrants, the Bureau and its decision making is open to considerable scrutiny by suitable bodies that can delve into our activities, including the things that we do that are classified. We are also working with the Office of the Privacy Commissioner to implement personal information policies, as required by the Act.
The collection and analysis work we do is authorised – whether it is a Ministerial authorisation, including, in some cases, authorisation from the Commissioner of Security Warrants, or a Director authorisation. The processes for those authorisations can be audited by appropriate oversight bodies too. What we do with that information is also auditable. [At this point Ms Jagose referred to the Inspector-General of Intelligence and Security's Annual Report for the year ended 30 June 2014.]
Against that backdrop, the Bureau will not discuss sensitive operational matters including commenting on speculation on whom we might or might not collect information, or what our capabilities may or may not be. But that response cannot be taken in isolation: it must be seen in concert with the independent oversight functions now embedded in the system. We are not a closed shop, setting our own standards, judging ourselves against them and saying "trust us". Far from it; we are subject to significant, strong and independent oversight.
We welcome this independent scrutiny. It is essential to continuing to build a credible and resilient Bureau into the future. That scrutiny sits over the top of a strong compliance culture that the Bureau has built up, especially now that we have implemented all of the recommendations from the 2013 Kitteridge Compliance Review. These checks and balances are vital and ensure that there can be public confidence in the valuable and important work that the Bureau does.
The year under review has been transformational for the Bureau. It has implemented all of the Kitteridge Compliance Review recommendations (as at 30 June 2014 nearly all were complete; now all have been completed) and the 6 reports on the progress in implementation are available on our website. It has implemented the 2013 legislative amendments, which improve the clarity of our functions, accommodated changes to cyber defence work, implemented the network security functions of the Telecommunications (Interception Capability and Security) Act (TICSA), and significantly increased its internal legal capacity – including ensuring those lawyers are connected within the business and within the broader legal network of government lawyers.
These changes stand the Bureau in very good stead for the future. I am excited about this role and hope to make a strong contribution to the Bureau's future successes.