Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label SIS. Show all posts

Spy Agencies Exploit Computer Networks to Gather Digital Information

 


In a recent report, a new revelation from one of the country's two spy agencies revealed the agency retrieves information directly from where it is stored on computers. This is not processed. There has been a high level of secrecy surrounding the “exploitation” of computer networks at the GCSB for a long time. 

There have been comments by US commentators that computer network exploitation can be labeled as a form of cyber warfare, or "theft of data". "With the help of our legislation, we can gain access to information infrastructures, which is more than just interception," said Andrew Hampton, Director-General of the Government Communications Security Bureau. 

"As a result of it, we are also now able to retrieve digital information directly from its storage or processing place." The GCSB calls this "access to information infrastructures", or "accessing the infrastructure of information."

Hampton's speech to the Institute of International Affairs, given in May, was cited as the source of the revelation, by the spying watchdog, Inspector-General of Intelligence and Security, Brendan Horsley.

According to Horsley in his annual report released on Friday, he was able to use that time to make sure that the exploitation operations were thoroughly scrutinized. He was able to assure the public that they were not abused. 

He had been forced to refer to "certain operations" in the past. He said, "although it was subject to oversight, it was not possible to provide any clear public assurance of this." 

During his review of the compliance systems associated with CNE, he found that they were "on the whole, appropriate and effective". 

Even so, he was not permitted to elaborate on "the bureau's use of this potentially significant capability." 

According to the Inspector-General, the SIS is also doing a lot more "target discovery", resulting in the SIS having to manage a lot more data than it has been in the past, at a time when its checks and controls on data have not yet improved to the level they need to be. 

A review is currently being conducted by Horsley of the target discovery process by the SIS, and one will be conducted by the GCSB soon as well. 

After the attacks on the mosque in the summer of 2019, both agencies have intensified their efforts in this area. 

From civil liberties and privacy standpoint, one of the potential hazards associated with target discovery activities would be an intrusion into the lives of people who have done nothing to merit the attention of a national security agency, the Inspector-General declared in his report. 

There was no significant problem with Section 19 of the security laws as he concluded that the law simply required each agency responsible for monitoring or collecting data to be able to justify that monitoring or collection "other than the fact that certain ideas were expressed on a platform". 

A revised policy was adopted late last year by the GCSB regarding the practice of holding on to all of the extra data. This policy specifically states that the GCSB can not hold onto information solely because it may be useful to them in the future. 

On the other hand, a report by the same institution found that the SIS was struggling with its policy implementation. More than 93 percent of its policies and procedures needed to be reviewed before their implementation, and some of them, such as data analytics policies, were non-existent. 

Horsley said that decisions were being made based on draft procedures and that they had been used to guide them. 

There is an agreement between the SIS and DOJ to deal with the backlog of policies. Even though the SIS has already reduced its policy number by half, a policy's suitability for its intended purpose cannot be guaranteed in the meantime. 

In addition, it had a long way to go in reviewing its data-sharing agreement with the Department of Internal Affairs, which is also well behind schedule. 

As far as the SIS and the bureau are concerned, both have fine control mechanisms and effective ways to manage any breaches that may occur. 

When it was determined that sharing information among the agencies would result in human rights abuses, a change was made to the agency's joint policy about sharing information with foreign partners. 

As far as Horsley was concerned, the updated policy was "a marked improvement" on the 2017 policy, although he maintained reservations about some of the terms, criteria, and the handling of reports likely to have been obtained by torture, and he wanted more details made public about the revised policy. 

The report shows that he reviewed 63 spying warrants, 49 of which were the most serious, a Type 1 spying warrant. A New Zealander can therefore be harmed by someone engaging in what would otherwise be an unlawful activity to collect information about him or her.