The "Cortex" system Prime Minister John Key made public to counter claims of mass surveillance of New Zealanders is now being aimed at the internet service providers handling the emails and online data of everyday Kiwis.

But the Government Communications Security Bureau said Kiwis' Twitter communications were safe, with the "eligible" internet service providers (ISPs) carrying less than 1 per cent of the country's internet traffic. Of that, it was expected 1 per cent at most of that traffic would contain suspect cyber activity and only 0.01 per cent to 0.5 per cent would be seen by a GCSB analyst alerted by an automated system.

The details were published on the GCSB website ahead of an expected announcement today by Communications Minister Amy Adams of a new cyber security action plan.

was revealed at last year's election amid allegations of mass surveillance by US National Security Agency whistleblower Edward Snowden and journalist Glenn Greenwald.


The Prime Minister said a system called "Speargun", which aimed to access communications by tapping New Zealand's internet cable, had been canned because it was too intrusive and that a different system called Cortex was being developed.

While "Speargun" was designed to capture anything, Cortex was introduced as a defensive system which would be bolted onto critical infrastructure in the private and public sector and sniff out trouble in its online traffic. While Speargun played more to the GCSB's intelligence role, Cortex was cast as fitting with its comparatively benign cyber security job.

The details on the GCSB website say it is carrying out a "malware free networks" pilot with an ISP which could later be rolled out to others. It says it is not compulsory for ISPs to join and ISPs are obliged to tell customers their data is being screened.

However, it also says ISPs are not allowed to name the GCSB as being involved because doing so could give hackers a signpost to valuable targets.

It rejected any suggestion it is "mass surveillance", saying it had an automated searching function to sniff out malicious traffic.

However, it also conceded that a rare set of circumstances could lead to GCSB staff reading people's emails. In those cases, "all a GCSB analyst would be looking for in an email is evidence of malicious cyber activity".

It says Cortex protection is important in dealing with intellectual property theft and data theft - including credit cards, destruction or hacking of private communications, holding data for ransom or attacking IT services.