Back in March we wrote a letter to the NZSIS and GCSB with a suggestion about how they could improve transparency and oversight without risking New Zealand's security. We also copied the letter to the IGIS to see if they had any comment. Our suggestion was:
It is my understanding that the GCSB | SIS does prepare legal analyses of the various parts of the Act so as to ensure that staff act within the letter of the law. My suggestion is that the agency should make these legal analyses (edited for security reasons as required) publicly available. As these legal analyses would only discuss the publicly available law, I believe that making them public would not risk New Zealand's security. This would lead to a better public understanding of what the GCSB | SIS can and cannot do under the current law thereby reducing uncertainty and increasing trust.
After some nagging of a rather tardy GCSB, we now have responses from all three.
IGIS - Inspector General of Intelligence Services
Unsurprisingly the IGIS didn't have much to say - it's not really her call as to what the agencies publish. However, she did say:
While ultimately it is for the GCSB and the responsible Minister to decide which of the Bureau's internal documents to make public, my approach when reporting on inquiries is to make public as much information as possible, consistent with national security and the specific constraints contained in the IGIS Act 1996.
See the full-text of the IGIS response (PDF).
SIS - New Zealand Security Intelligence Service
Their response started by talking up the SIS's desire to be more transparent and mentioning some of their efforts to do so, before giving us two reasons for them refusing our request.
Refusal reason 1 - Legal privilege
They then claimed that the first reason they couldn't publish internal legal advice is that it is subject to Crown legal professional privilege. "Firstly, our internal legal advice is subject to Crown legal professional privilege and that privilege may only be waived with the consent of the Attorney-General." There is apparently no desire on the part of the SIS to ask the Attorney-General to waive this.
However, this seems to conflict with 4.68 in the Cabinet Manual, at least for Official Information Act requests: "Where a request is made under the Official Information Act 1982, the decision on release must be made by the Minister or chief executive who received it. The Attorney-General (through the Crown Law Office) should be consulted about the request."
Reason 2 - National security
The letter went on to claim that legal advice is asked for only in specific cases and the advice contains the details of those cases, therefore it can't meaningfully be revealed. Apparently the NZ SIS already understands all the relevant laws well enough that it doesn't see a need to seek more general analysis.
Finally the letter talked about the oversight mechanisms for the SIS including the courts, the IGIS, the Parliamentary Intelligence and Security Committee, and the Ombudsman, Privacy Commissioner, and the Audit Office.
See the full-text of the SIS response (PDF).
GCSB - Government Communications Security Bureau
After apologising for the tardiness of their response, the GCSB also stated their commitment to appropriate openness. However, they then had something concrete to say:
One way GCSB is currently working to do so is by proactively declassifying policies that may be of interest to the public.
These can currently be found in the News section of the GCSB website and include the following:
- Policy Procedure 1007: Responding to Information Requests (PDF)
- Policy Statement PS216CSB: Incidental Intelligence (PDF)
- GCSB Nationality Policy (PDF)
See the full-text of the GCSB response (PDF).
While we still have real problems with the overall purposes and methods of the intelligence agencies, we do believe that it is possible to make useful incremental improvements. One of those is ensuring that the agencies are subject to appropriate democratic oversight and this requires the maximum possible transparency.
Stripped of the happy-talk, the SIS's refusal to comply with our suggestion was obviously disappointing. As the GCSB has shown, it is possible to publish policy documents that include interpretations of the agency's controlling law.
As for the GCSB, they have made a start and this should obviously be encouraged. However, the real test will be if they start publishing policy and legal opinions around more controversial topics such as the treatment of metadata.