Wrong, says the Prime Minister of the surveillance stories.

But John Key won't say why.

Don't believe what you read in the newspaper, says the Foreign Minister of reports New Zealand was spying on the Solomon Islands government.

However, there's no benefit in having discussions about it through the media, says Murray McCully.


And those doing the spying at the Government Communications Security Bureau won't assist, saying it doesn't comment on "operational" matters.

So, between the leaked top secret documents and the denials, how do we cut through to what's actually happening?

Broadly, the claim in relation to the GCSB is that it sucks up vast amounts of raw data from the Pacific which is then stored with the United States' National Security Agency.

The data taken from the Pacific can be searched using a computer system called XKeyscore which is operated from access points around the world including at Waihopei at the top of the South Island.

Is it true that there is bulk collection of people's data? And if so, is the information shared outside New Zealand?

The answer could be in the practices in some of the other countries with which we partner in the Five Eyes intelligence grouping of Australia, Canada, New Zealand, the United Kingdom and the United States.

The Five Eyes is a surveillance network with its roots in World War II, bound by a formal agreement called the UKUSA agreement. For almost 70 years since then, it has seen the five countries cooperate on intelligence gathering and sharing.

There are many close similarities in the way the various bodies operate. The nations are close - we send staff to work with them and likewise, their intelligence staff work out of New Zealand.


To operate effectively as a network, we have to cooperate effectively. Part of doing this is similar laws, methods and systems.

So, when the UK's Intelligence and Security Committee released its report into its surveillance practices last Friday, there was much in there which matches the allegations made here and gives credence to claims about how New Zealand operates.

The UK inquiry, a historic event, followed the leaks from former NSA contractor Edward Snowden. It paid tribute to the close links between the intelligence agencies and those abroad, stating: "The (security) Agencies have long-standing intelligence-sharing agreements with many international partners."

It heard from the Government Communications Headquarters - it's partner to our GCSB - that "SIGINT (signals intelligence) partners can receive intercepted material directly from each other".

The committee's report quoted GCHQ as saying "our default position is to make all our reported intelligence sharable with our [Five-Eyes] partners".

Reported intelligence is that which has been developed beyond the raw feeds it has available but the report also covered the sharing of "raw intercept", confirming that GCHQ did seek and receive such information from the NSA. It did so legally, and did so without a warrant because on the occasions it did seek the raw data there was already a warrant in force. On the issue of "raw intercept", the British committee signalled further safeguards would likely be needed.


The committee also found that metadata - what it called "who, when, where" information - was also provided by overseas partners. This type of information included communications by email, land and mobile phones, social media communications and other contacts between two or more points. In terms of value, this was considered greater than other means of interception.

It would seem our partner agencies do both of the activities the GCSB is said to have done. That is, they provide information between intelligence organisations, both fully formed "by default" and in its raw form. There is also metadata provided between Five Eyes members.

There is sharing, but what then of the scale of the interceptions?

"Bulk collection" does occur, the British committee confirmed. It says while GCHQ has the capacity to intercept the communications of individuals, it has to find those people first.

GCHQ needs to be able to conduct bulk collection "so that they can generate leads and obtain the information they need to then target those individuals".

Using keywords for searching, the British GCHQ hunts across the internet stream searching for a match. Its report used the analogy of hunting for a needle in a haystack with a magnet. The results are categorised, reduced again by algorithms and search tools before producing a manageable list of material from which selections can be made to access actual communications.


Bulk interception operates across a small percentage of those networks making up the internet, the committee was told. Even though it collects "vast numbers of communications", the total accessed on a global scale was "a very small percentage". It chose which to access based on the greatest likelihood of positive results. Yes, the tool could be turned inwards and search for British citizens but GCHQ first needed authorisation from the UK Secretary of State.

That came with a complication, the committee found. The nature of the internet was such that communications involving British people - protected as Kiwis are protected in relation to the GCSB - were often through offshore webservers and companies.

Those communications would also be swept up. It questioned whether the British distinction of "internal" versus "external" communications was still valid in the internet age.

The committee found bulk interception necessary, citing - as other US inquiries have been unable to - security threats which would otherwise have been unknown.

But it also made "substantial recommendations for immediate improvements to the existing system of authorisation and oversight". It also called for increased transparency, greater oversight and more protections for British citizens.

It seems then, that our partner agencies do engage in "bulk collection", of the sort described by former GCSB director Sir Bruce Ferguson in his Radio New Zealand interview.


""You cannot these days just individually select people ... you put out a big net, catch stuff, you throw out the stuff you don't want ... and you keep the stuff you do want," he said.

The British committee also revealed for the first time by the committee that GCHQ and its sister agencies had acquired "bulk personal datasets" of individuals - huge amounts of personal details about people which were subject to no oversight. The report is silent on whether the datasets, gathered from commercial and government organisations, are shared with Five Eyes partners.

On the type of collection, methods and scale, it is extremely likely we are walking in step with partners with which we have shared intelligence aims and material for almost 70 years. For us to do other than the British do - and the Americans - would create a level of dysfunction across a collaborative network.

The British report- from a society and a committee not known for its openness - detailed the methods its agencies used and gave the reasons why. It examined the safeguards and, in many areas, found they were lacking.

It also acknowledged there was "a legitimate public expectation of openness and transparency in today's society". Intelligence agencies need secrecy, it said, but "the Government must make every effort to ensure that as much information as possible is placed in the public domain".

New Zealand soon has its own review of the intelligence agencies, scheduled to begin before the middle of the year.


What a challenge for New Zealand. We, the smallest Five Eyes partner, have membership of the network through our history as a former colony of the United Kingdom.

Can we produce an inquiry report at least as detailed as that released in the United Kingdom last Friday?

Can we tell the public what the British public now know to be true about their own security agencies?

And if not, why?