The key issue for New Zealanders coming out of the alleged illegal spying on Kim Dotcom and his co-accused by the Government Communications Security Bureau is whether that agency is spying on anyone else - and maybe don't realise it? Is anyone overseeing this agency to ensure they are not acting illegally, especially given their extensive powers to covertly intrude into peoples' lives?
In Mr Dotcom's case, the GCSB appears to have relied on the wrong advice of another public taxpayer funded agency, the Organised and Financial Crime Agency New Zealand, that Mr Dotcom and his associates were foreigners.
The GCSB failed to realise that this advice was wrong because they didn't check it. No one found out what the GCSB was up to because the Acting Prime Minister signed a ministerial certificate which effectively suppressed it. The GCSB had told him the certificate was warranted in the interests of security.
The result appears to be illegal spying because the GCSB Act states that the bureau must not take any action for the purpose of intercepting the communications of a person who is a New Zealand citizen or a permanent resident.
There is a statutory framework that governs the actions of the GCSB and a watchdog to make sure they are acting legally. Few New Zealanders had probably heard of the Inspector-General of Intelligence and Security until the Prime Minister referred to him this week in relation to the alleged illegal spying. But Paul Neazor, a former High Court judge, is now firmly in the limelight, with his report due to be made public by the end of the week.
The GCSB is a department of state under the Government Communications Security Bureau Act 2003, which contributes to the national security of New Zealand by providing foreign intelligence to the Government to protect and advance the security or defence of New Zealand, our international relations, and international or economic well-being.
In doing so, the GCSB is entitled to intercept foreign communications and access foreign communication systems. Subject to limited exceptions, such activities require warrants or authorisations from the responsible minister - which is almost without exception the Prime Minister.
The GCSB is permitted to provide information it obtains to the police for the purpose of preventing serious crime.
The GCSB is "watched" by the Inspector-General of Intelligence and Security. The 1996 act of that name says Mr Neazor's role is to assist the minister to ensure that the activities of each intelligence agency (including the GCSB) comply with the law, and to independently investigate those complaints from New Zealanders relating to intelligence agencies.
His role deals with legalities, and ensuring that the processes of the intelligence agencies safeguard their compliance with the law, so that statutory authorities are properly obtained and complied with, and that the information so obtained is properly handled. He has the power to enter the premises of intelligence agencies, view their records, hear evidence in private, and take evidence on oath.
So can New Zealanders trust that they are not being illegally spied on?
In 2011 there were no complaints to the Inspector-General about the GCSB - but its sister agency, the Security Intelligence Service, was the subject of 11 complaints that year, mostly about the Service's security vetting function.
The SIS is governed by the New Zealand Security Intelligence Service Act 1969 , and the irony is that the SIS could lawfully have carried out the interceptions apparently at issue, provided it had been able to obtain a warrant under its own act from the Prime Minister and the Commissioner of Security Warrants.
One of the most interesting interviews I conducted when writing the Public Law Toolbox was with Mr Neazor. Both he and his secretary work part-time, so how do they manage to oversee all of the activities of both security agencies and their combined staffs of around 500? The Inspector-General's budget for 2012/13 is a little over $130,000 versus the combined budget of $100 million for the GCSB and the SIS over the same period.
New Zealand's system requires a high level of trust that its security and intelligence agencies are capable of policing their own compliance with the law and are willing to do so.
Mr Neazor develops a high level of trust with the intelligence organisations so that they usually come to him when the internal systems of those agencies pick up a lack of compliance. And Mr Neazor stressed to me that the agencies usually do self-report, and have done so in the past.
The question the Dotcom incident raises is what happens when the agencies' own systems don't work and they don't know a mistake has been made.
If we want to safeguard against that happening, then we need to consider devoting more resources than we are currently giving to oversight of the GCSB and the SIS.
The reason is that the alleged illegal spying on Kim Dotcom appears to raise issues of competence as opposed to clandestine misconduct or unconstitutional behaviour. Maybe a backstop regulator is not enough and we need a watchdog with greater resources to undertake more frontline oversight.
So what can Mr Neazor do now that the Prime Minister has referred the Kim Dotcom matter to him? He can make recommendations about the conduct of an intelligence agency, and report on compliance with those recommendations.
But he must have regard to the requirements of security when carrying out his functions, which may limit what he can write in the report we see tomorrow.
Finally, the implications of any illegal spying for the extradition proceeding against Mr Dotcom will depend on what information the GCSB actually obtained about Mr Dotcom, who they gave it to, how material that information is to the Crown's extradition proceeding, and whether unlawfully obtained information would be inadmissible under the applicable US law. This ain't over!
* Mai Chen is a partner in Chen Palmer and author of the Public Law Toolbox.