SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Audit
#
Five Eyes
#
GCSB

Kiwi intelligence agencies welcome human rights compliance review

Fri, 5th Jul 2024
Author image
By Melania Watson, Interview Editor

The New Zealand Security Intelligence Service (NZSIS) and the Government Communications Security Bureau (GCSB) have expressed approval for the Inspector-General of Intelligence and Security's (IGIS) baseline review into their Human Rights Risk Assessments (HRRA).

The review examines the risk of collaboration with international partners and evaluates whether the agencies act lawfully under domestic and international law during such cooperations.

According to IGIS, both intelligence sharing and cooperation are crucial components of the NZSIS and GCSB operations.

The review concludes that the Ministerial Policy Statement (MPS) and the Joint Policy Statement (JPS) on human rights provide a robust framework for sharing intelligence and cooperating with overseas entities.

IGIS also highlights the need for effective legal frameworks and policies to ensure that intelligence exchanges comply with New Zealand's human rights obligations.

The review involved assessing the relevant laws, policies, and operational records related to HRRAs conducted since December 2021 under the updated JPS. The findings reveal that while there are clear procedures, improvements can be made. The NZSIS and GCSB have accepted all recommendations and have already proceeded with several implementations.

The New Zealand intelligence and security agencies are authorised under Section 10 of the Intelligence and Security Act 2017 to collect, analyse, and share intelligence. Ministerial authorisation is required before cooperating with overseas entities, ensuring compliance with New Zealand laws and human rights obligations.

The MPS outlines that employees must consider principles such as human rights, necessity, reasonableness, proportionality, and oversight when making decisions regarding foreign cooperation.

The review indicates that applications for ministerial authorisations and approved party status for intelligence sharing are generally made in batches and sometimes jointly by the agencies. As of early March 2023, the NZSIS held authorisations and approved party statuses for multiple countries, including 27 public authorities and ministerial authorisations for 40 countries.

The GCSB held such authorisations for 18 countries, in addition to five other countries with authorisations.

A significant aspect of intelligence sharing under scrutiny is the "third party rule," commonly used among the Five Eyes countries. This rule requires the consent of the originating country (e.g., New Zealand) before an intelligence partner can share the received intelligence with a third party. The IGIS and the New Zealand agencies maintain differing views on whether ministerial authorisation should be obtained for the third party.

In examining the HRRA practices, IGIS found variability in the level of detail across the NZSIS risk assessments. While comprehensive analyses were more detailed, brief assessments were noted in lower-risk instances. The use of multiple credible sources for assessing human rights records was also inconsistent.

The GCSB shares a substantial volume of intelligence under the third party rule, with most HRRA requests approved.

The IGIS reviewed a sample of 25 GCSB HRRAs and found that human rights risks were considered alongside other factors such as intelligence source disclosure and support for military operations. IGIS's assessment indicates that the MPS and JPS on human rights provide a robust framework but could benefit from clearer guidance on standing HRRAs, which apply to longer-term cooperations.

Recommendations were made for more detailed reporting, enhanced training, regular audits, and the establishment of a centralised register for HRRAs to ensure effective oversight.

Both agencies have accepted various recommendations to improve their HRRA processes. Notably, the NZSIS has updated its policy to reflect a clearer framework for standing HRRAs and scheduled audits for their HRRA processes.

Meanwhile, the GCSB is expected to update its guidance and working aids to align with the latest policies and maintain specific records of risk levels for internal and external oversight.

The IGIS underscores that ongoing improvements and effective oversight are essential to ensure that New Zealand's intelligence agencies comply with legal and human rights obligations during their operations.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
NCSC's Malware Free Network disrupts 10 million cyber threats
US Insider Risk Management Centre launches to tackle threats
New Zealand's NCSC briefs IPAC on potential cyber attacks
Talking cybersecurity with the board of Directors
Gallagher confirms SOC2 Type 2 recertification for security services
Top stories
AI threats outpacing security teams, says Bugcrowd report
Safeguarding businesses against deepfake threats to employees
Sonatype launches SBOM Manager to enhance software security
LogRhythm boosts security with quarterly update
Edge cloud strategies to propel today’s enterprise performance and security