Big Read: Speargun and mass surveillance - the confusion created by Simon Bridges

If our spies were able to carry out mass surveillance, would the alleged mosque murderer have been stopped?

It's a question raised by National leader Simon Bridges and one which has been dismissed by those with expertise in security intelligence.

They say the intelligence agencies have all the powers they need. Bridges says it's time to ask if they need more.

In raising the issue, Bridges - who refused to be interviewed for this piece - appears to have granted Project Speargun powers which don't resemble the way former Prime Minister Sir John Key described it.

The spotlight has gone on our intelligence agencies with the announcement of a Royal Commission of Inquiry into the massacre which cost 50 lives.

Questions have been asked of the NZ Security Intelligence Service - which specialises in human intelligence collection - and the Government Communications Security Bureau, which is the electronic spying agency.

READ MORE
• John Key, mass surveillance and what really happened with Speargun
• Spies warned of gaps in our security and came up with a plan
• Our spies disarmed by legal blunder amid 'high threat operations'
• Want to spy for New Zealand? The GCSB wants code-crackers

Other intelligence-gathering agencies, including NZ Police, Immigration NZ and Customs will also be part of the inquiry which will examine whether intelligence agencies could have - or should have - stopped the attacks on March 15.

Bridges took to media yesterday morning with questions over whether Project Speargun would have made a difference.

Project Speargun was a GCSB plan to put a probe into New Zealand's Southern Cross Cable - the massive pipe with carries internet traffic to-and-from the country. It was canned in 2013 in controversial circumstances and replaced with Project Cortex, which placed a filter across internet traffic through specific Internet Service Providers and to specific businesses.

Bridges told the Herald : "I'm not saying if we moved to higher technologies such as Project Speargun, which was abandoned, if we would know whether this would or wouldn't have happened.

"But we can say with the significantly heightened risks we face today than we realised, it would make us safer."

"The Cabinet paper of the time said that Speargun gave us, quote, 'an extended degree of protection for all New Zealanders'. That's certainly true in comparison with the much narrower Cortex which is really around public institutions."

And Bridges provided a description of Speargun versus Cortex in media interviews, telling Radio NZ : "Cortex is effectively up a few drives of businesses, their ISPs, looking at malware activity. What Speargun is, is actually on the highways, looking at traffic. I don't believe it's mass surveillance in the way the (Glenn) Greenwalds would say.

"It's algorithms getting down to trends and then from that getting a legal basis to go out and look."

On TVNZ : "Our government, the last National government, looked at these things. We beefed up the security intelligence. I think in cyber security we pulled back. We didn't go to a thing called Project Speargun for example."

What was Project Speargun?

The way in which Bridges is pitching Project Speargun is at odds with Key's description in 2014, or at best, confuses it.

Key said Speargun was "all about protecting secrets, not getting secrets".

Documents released at the time posited Speargun as a national defence against malware (which Bridges made reference to in one interview) which might be used by foreign government or the super cyber-criminal packs. Malware is malicious software used by those groups to steal commercial secrets, harvest personal financial data or to install ransomware.

Key pushed back on suggestions Speargun was a proactive mechanism which would be used for intelligence gathering. Instead, it played more to the GCSB's cyber security role.

Even if it was intended Project Speargun would scan the metadata of intelligence targets - like the Christchurch shooter - then the 2016 review of intelligence legislation describes the difficulty the GCSB would face.

The report, by Sir Michael Cullen and Dame Patsy Reddy, said this of metadata: "Metadata is data about data, such as the time, date and sender of an email or text message.

"Metadata associated with phone calls might disclose the frequency and type of contact between individuals and the broad location from which messages and calls are sent and received.

"This type of information might enable the NZSIS to establish, for example, that a person of interest is in contact with a known foreign intelligence officer or ISIL recruiter."

The problem with mass surveillance

For those who have worked in the intelligence field, this gets to the difficulty of harnessing the power of electronic surveillance.

Intelligence specialist Paul Buchanan said surveillance programmes operate on filters which are set by instructing a computer to look for keywords and phrases, phone numbers or other traceable metadata information.

Buchanan, who runs strategic consulting group 36th Parallel Assessments and has worked for the CIA and Pentagon, said the right keywords which align with areas of intelligence interest produce information for human analysts to weigh and value.

"They use code words and phrases that will separate data."

So, hunting for bin Laden could see the system set to catch "jihad" or references to "bin Laden".

"If you're not putting in those code words, you're not going to trap them in your filters."

Buchanan said the keyword issue shows the importance of an agency focusing in the right area. He suspects the agencies were looking elsewhere - Islamic extremism, or spying by China - and not looking at the rise of the far-right.

This has been a constant question since March 15. Internationally, far-right movements have grown increasingly vocal. Here, the Muslim community has said it raised concerns in meetings with the NZSIS.

The Herald reported last week the agencies had yet to complete a plan on how to tackle the far-right. Andrew Little - the minister for the agencies - said it had been in the works since mid-2018.

Buchanan warns against ramping up spy powers because of the Christchurch atrocity.

"The powers you have would have sufficed if you had been looking the right way."

Massey University security studies lecturer Dr Rhys Ball - a former NZSIS officer - said: "If you want to, you can collect everything that is in the aether tomorrow if you were going to invest the resource to do so.

"The downside is, how do you process that? I'm not aware of the Batcomputer being invented yet," he said, referring to the 1960s Adam West classic Batman featuring a "computer" which produced instant answers from almost any input.

"At some stage, a human has to sit down and establish whether the information is relevant and needs to be investigated further.

The Herald has spoken to a former Australian senior intelligence officer who recalled receiving NSA assistance when its citizens were in danger in a conflict-torn country. The amount of electronic intelligence produced was such staff "were just overwhelmed".

Ball points to the $179m budget boost in 2016 and the passing of the Intelligence and Security Act in 2017.

"They've got everything they need to do their job," he said.

The new law now means the GCSB can help domestic agencies with electronic surveillance in New Zealand. It is also allowed to assist the police on criminal matters. The law hugely expanded the range across which the GCSB's powers could be used.

Avoiding surveillance

Ball said those subject to greater surveillance take increased counter-measures. An example of this was the hunt for Osama bin Laden. He evaded detection for so long because "he was hiding and didn't want to be found".

Bin Laden's network went "old school" and used couriers, passing messages face-to-face.

For those in electronic intelligence, the needle in the haystack shrank and often simply disappeared. It is a tool, which needs to be used with other tools - such as human intelligence - to get the best result.

In New Zealand, says far-right researcher and historian Tyler West, the far-right groups of interest are those who are technically able and technology aware.

He said increased powers would likely lead those groups to focus on evading or frustrating electronic surveillance techniques.

West said his research into the far-right community had revealed a younger, organised "cadre-building" element.

"They are internet savvy. The really serious ones are really good at ducking for cover."

He said it would be expected they would use encryption to disguise communication with each other and virtual private networks - VPNs - to disguise the physical origins of their online presence.

The value of intelligence lies in its accuracy and its timeliness. If targets turned to readily-available encryption, their communications don't slip out of reach but eat valuable time during the decryption process.

Herald investigations around the Dotcom affair revealed a bizarre arc of events after the FBI removed from New Zealand - contrary to a court order - a cloned and encrypted hard drive. Dotcom was pursued through the courts for passwords for about two years when the FBI announced, casually, it didn't need the passwords anymore. The reason, it seemed likely, was because the hard drive's encryption had been cracked.

University of Canterbury academic Dr David Small, who lodged an objection to the passage of new spy laws in 2017, said nothing has emerged to suggest more intrusive electronic surveillance would have caught the Christchurch shooter.

"It's a retrospective thing. I think it would mean they could trawl through all the stuff that happened in the past and see who this guy had been communicating with and construct and accurate picture."

But stopping the attack? No, he says, because he believes they weren't looking.

"They've been convinced it was all about Islamic terrorists and anywhere could be hit. If you dig down into it, this is a failure of orientation."

There is an additional area on which Bridges will not be interviewed. His claim the former government "beefed up the security intelligence" needs to be seen in the context of the previous government's refusal of a 2015 funding bid by the intelligence agencies.

The money was needed after a series of reviews revealed a diminished intelligence sector in serious need of a "brick-by-brick" overhaul.

In 2015 briefings to the then-intelligence minister Chris Finlayson, NZSIS director general Rebecca Kitteridge warned "the NZSIS's capabilities will continue to be less than the demand on our services".

"We will need to continue making difficult prioritisation decisions about which targets we investigate (and for how long) and which we do not."

In 2016, the spy agencies pitched for money again and got $179m to carry out a rebuilding programme which stretched years into the future.

It may have been the 2015 bid was too early. It may also be the delay until 2016 cost the intelligence agencies a year in building capability which could have improved its ability to detect the killer.

In a Herald interview with Kitteridge last year, she said of the period: "We weren't able to do the work we needed to do for New Zealand with the resources that we had."

In refusing to be interviewed on what was "beefed up", Bridges - who was in Cabinet at the time - said by text: "I am not responsible for the last government."

David Fisher is a member of a Reference Group set up by the Inspector General of Intelligence and Security to hear views on developments possibly relevant to the work of the oversight office. The group has a one-way function in offering views to the IGIS and receives no classified or special information.