11511131111

t-u?u  \wa 
731' 5 i 3 :13? :vi: 12111115334111.1130

 

 

a: 111121

    
      
  
 

New Zeal and
Security Intelligence
Service

'i?e P51 Whaitamammaru

 

 

 

 

 

 

 

ewe/17,7751? f7 ?17 

 



 

 

Briefing note

 

 

    
  
  
    
     
 

Date 1 December 2016
To Hon Christopher Finlayson. Minister in Charge 011111;. NZ-SIS-
From Rebecca Kitteridge, Director of Security

information

 

For you 1'

 

 

111__s11s Annual
Seiwrity Select
Committee

Purpose

 

1. On 6 December thei intelligence and Secunty ect Committee (ISC) will consider
the New Zealand Seem 11y intelligence Serv1ce Annual Report

 

2. This briefing note provides you wit
Committee are __.likely raise. 

overview of matters we anticipate that the

   

 

3. in addition attached to this bii?ie?iig note is:

   
  
 
 
  
 
 
  

A d1 aft cepy Of the D11 ector of Security 5 introduct01 remarks (Append'x A)

 

A draft copy the Director of Securitys notes for lesponding to questions.
including other matters not covered 1n this briefing note that maybe raised by the
_m1ttee {Appendix 

A copy of the questions provided by the Office of the Auditor-General for the
Committee and the Director of Security's draft responses [Appendix C).

. :?Please note that i will endeavourto provide amended copies of Appendix A- to you
the changes have been finalised in the interim i would be happy to discuss the
contents of this briefing note, the attachments, or any other aspect of em Annual Report
with you before the meeting.

hl?ll? 
I 
141-1351931193] n'r'ag 1 
l?I?u 1 11.1.r 

Page 1 of 4

 

 

2016 ISC Annual Financial Review

Remarks

'5 Opening

11:31

tor of Secur'

.





06 December 2016

Date

 

1300hrs

m1e:1130 



10 minutes

lmE

Allocated 

 

tes

ll'IU

=14m'

1421 words loop/m

0
.

Current Length

 

 

.vh?

n?c'd'z 

Page?l of'lQ

 B. .n mama
an. nut

t. k. tacwxuwism. Law}; 

 
  

  
 
  
 

. . . a . .wucmquS ucm bwuam ucm
252: 3m: 3: .0m 8 Ame, gm: 5% ma. 

     
   

  

mmuw magma

mmcm?. EcompmmEmmLO

   

             

 
      
   
 

31.9 .335
mam mag. mm




  

?v.4 

PageBof?lf?J

 
  





 

 



{side-

 

of

 

The foh?o
commifte

wing topf







2 3 2013
NZSES



8 SESSION.

EED

 

?it

 

cs are covered

From The Annual Report
in

 
 

n?

p?v-r-Hn

 



 

 

?nub
In?)

 

au'

 

 

Potential Questions

the 2015/16 NZSIS Annum? Report and

may arise 

DMSE
uring

1

3- 0.1.23?
the

 .. . .- 5-. . an M- ?In?

 



 

momma-flee
2 3 #:3ng? 20:3 run/1m;


    

DI 15-31- iU- 1-13--

 

 

iGlS Annual Report issues

Compliance Systems

The concern raised by the regarding this kind of activity by if accepted,
would have represented a significant departure from the long?held view by NZSIS
and other agencies that it was lawful for to conduct activity of this kind.

NZSIS has undertaken a substantial amount of work to resolve this issue. NZSIS
sought advice from an external barrister and Crown Law and has consulted widely

 

The fact that the law is so di?ficult to apply in an critical area illustrates
the problems arising from the age of the current NZSIS legislation This will
be remedied by the legislation that 15 before the House.

 

 

Overthe last 12 months the NZSIS has ?undertaken signi?cant steps to ensure our
compliance systems are up to the ?standard "required of as a modern security and
intelligence agency.

 

   

Robust compliance systems require constant attention, audit and revision This is
why the N2515 has stood up a dedicated compliance team over the past 12 months.
This will ensure that compliance within Ehe NZSIS meets the required standard.

 

As noted in the i615 2015 Annual Report the NZSIS still has some work to do on
implanting our compliance systems ".As at the end of JUne 2016 the NZSIS has
addressed over half of the recommendations made in our 2015 internal Review The
actions taken 0 date have-also-been designed to address the inspector-Generals
The remainder of the recommendations are on track to be completed by

 

 

 

 






Page 3 of ?19

   

 

 

 

           

   

   

 

 

 

 

lit1.5.1 In"- a) C) *1
mw mtg.
g; D- :93?1,31

Page 15 01?19

   
     

 

statesman"
23 :1in 20s


    

0:553:40. is? 3-?1



 

What risks exist in relation to the Service? compliance and performance until the I
recommendations are fully addressed and how' Is the Service mitigating these risks?
- Where operational policy and procedure has yet to be developed there remains a risk
of inconsistent and inefficient practices. Some non~compliant practices may -
currently not be recognised and go ?under the radar?.

 
  

- To mitigate the risk the Service Senior Leadership Team designated compliance as
one of its priority areas for 2015(16 and established a dedicated team I-gf'ComplIance
specialists This Team provides advice to all staff to ensure conSIstent practices 

        

 

. we recognise that implementing the review ?ndings will not Eliminate risk ofgn
compliance. An important and overarching objective' Is to encourage a siren and
positive compliance culture As such the Compliance Team works clos yvvith
subject matter experts across the Service.

 

 
   
 

 

What are the key improvements made during 2015/16 to the Services ComplIance and
PerfoI mance systems? What are the significant stIil to be
implemented and when are these expectedtd ?ffLiily addressed?

 

    

- We have implemented a joint Policy Framework With the with controls over
the drafting, approval and amendment of operatIo? al polIcy and procedures.

 

- Following a stocktake of among operational ance we have instituted a pi an to fill
any gaps in policy and procedure and new operational guidance :5 developed by
operational staff .

  

. Staff are required to report suspect dor actual compliance incidents. There are also
clear reporting mechanismst management and to the inspector-General of
lntelligence and Security we also track the number and severity of compliance
InCIdents The establishment ofa dedicated compliance team within NZSIS ensures

that any rned can be applied.

    
 
  

  
 

We have Installed nd commenced use of software to identify and assess levels of
- Compliance With ilegislation.

 

 

- Some operatIonal guidance has yet to be ?nalised and staff have yet to be fully
"trained iri this material. A risk based programme of audits has yet to be developed
audits wili provide assurance we the application of internal policy, may
?identify non- compliance and any inefficient or rest: ictive internal policy.

 
 
 
 

The review findings will be fully addressed byJune 2017

.- ?Ev-ax Ima- I:
Page 19 of 19

 

 

 



EECLASSEIKIED
thiu?I 
23 APR 20:8 am: .

1% New Zealand

- Security II'IteHigence Service
NEW zealand PO Box 900, W?eliington

 
 
  

 

Security Intelligence
+644472617o
Te Pa Whakamarumaru +64 4 472 8209

Immasecm'itygovtnz

16 March 2017

Hon Christopher Finlayson, QC
Minister in Charge ofthe NZSIS
WELLINGTON

Dear Minister

NZSI IS Quarter It Report

Enclosed is a pilot Quar tea [y RepoIt ovIdes oIIerv w- ofou1 organisation and our
key aIeas of focus ove: the past two Inonths.1he:e are two sections to the QuarteIly
Report: Oper atIons and porate' ln__the futuI the will cover thI ee months

 

 
    

Please let me know if you. want to teed any of the Ity InteIlIgence Reports refeI I ed to in
the QuaIteriy Report I also happy to foI'vicIIeI more detail and wave any questions on
the topIcs coveI edI.

  
    

 

I look giving your 

 

Yours Lincere

 

ebecca Idge
DEI ect0I of Secunty

misc! 

w?n?-I WQ 1 i

 


Ir

PHIL) 517-3 

I5, _r'v'wfr-

i L3 

 

 

 

 

   

  

New Zea} and
Security Intelligence
SerVice

PEI \T?Jhakamammaru

 

 

 

 

 

i

3

i.
i





 

  

    

    
 


5133 

  
   

 

 
 

angina 0 



   

 

 

implementing the new legislation is a significant "once in a generation? challenge and opportunity,
which we absolutely have to get right. The Legal, Compliance and Policy teams from both NZSIS and
GCSB are working closely together on this pl ogI amme of work. We monitor all 1: str?alfn progi ess

and identify resoua ce pi essures in line with the overall project plan.

 

 

 

 

 

{El-Our signi?cant grth'h put (5 pl essore on our existing IGSOUI ces to rec; uit vet on- boa: and t: ain

 
  

    

conSIdCI algle time for neat?I sta?tolgecome 

lly effective, In their

 

 

 

 

 

wily.?


 

Page 2 of 6

 Law.



9.. ?35 pt 

 

is?:

            

 
    

 

 

 

 

 

 

 

 

 

 

 

 

 

 

             

01?
um
115.0.)

?m
82


802.5

L194:


- 35?
[-5310 
'm
.4130.)
rugg-
?u?E
CUM
:1ch


- r0

01.9.53

(03.0
ECU:
CLQJ

u?Da?
.cc
.t'ra'g
?3m
?r?g
g.
.. Cl 

r556


ESE
88m

3?90
0mm

.228

-. 




CD5.
(.0
?4
CED:

u?i?jB

as


E. 

 

 

 

 

 

Page 5 of f3

 
 

In!? _nl


LLUHLL. I hunts-nu

 

 

 

 

   
     
   
 

New Zealand

Seem ity Inteliigence
Set vice

Te Pit Whalinmaruuim'n

 

. A

 

 

 

 

 

Briefing note

 

 

   

Date 17 March 2017

To Hon Christopher Finiayson? Minister in Charg 
From Rebecca Kittericige Director of Security 

For your information

 

Update on IGIS review of NZSiSE'satgessE to APP 

Purpose

 

I. This biiefing note uodates you on the Inspector of intelligence and
Securitys review of access to the APP databases and Ielated work
that NZSIS has been uIIderLaLIng

 
   

Background

 

2. As you knew some ago thEc 1 concerns with NZSIS about our access to
the APP and Cusiyioti c'EiEa'Etabases . evident that the law was very complex. and
appiies diffei entiv Ielation to both APP and CusMod.

   

 
 
 
  
  
  

 

 

 
 

On our IGVIEW of theE'E
some probiems in the way NZSIS had implemented the
i advised you the Solicitor-

 

finding revie IntoEthat issue (the fact- finding review' and undenook to advise
"the of you EErespectiveiy of any systemic issues issues not reiated to Staff
perrormance) identified In that Ieyiew

 

Advanced Passenger Processing which 15 a database heid by immigrataon New Zeaianci and Inciuo'es passenger 

data.
2 . . .

Customs Mooernisotlon Scneme which Is a database heio Customs New lesions} and betder 
Information of persons, goods and craft

Page 1 of 3

 
    
 
  

 

 

  
 

massing
23 see 2023

It: NZSES It

 

7. NZSIS has provided a copy of the advice to the iGlSand Is currendy woiiung through
the implications.

 
   



B. We engaging with the iGiS oI1 OLCJ to Cusixiod some of the

   
 
  
 
  

sta 

10.

In the fact- ?nding Ievzew we have taken and the iessons 

expect that the lI318 WIN draw on this IepOIt as she completes her own review Into NZSIS's
C-ise Che: findings In some idim.

 

11. It goes eiwith Ui. saying a 1 extI'emeiy 50m; to have identified an of non-
compiiance eiatlng to NZISIS's use of CusMod. I do think It re{ ects the weak State of NZSISs
sysIeIns sevcra?iCyeai as; Once you have the reIJoIt, i would iike to discuss it with you so
that yoCu can Che satisfied the 'eC have responded appropriately. strengthened our systems
suffICIentiy, and leaned he necessaiy iessons as we prepaie toin1piement the new Act.

 

   

 

         

DCE'stI'uctionCand- etention of data

Iel ion to access to both APP and Custxiod some questions of retention
and destruction of data ise. NZSIS is working thiough those issues with the iGiS and has
eI'IgagCC Law to pI ovIde advice on some aspects.

    

 

 

 

   

?"375- w, #19

'?tC 

 

Page 2 of 3

 


23 APR 
NZSES

     
   

     

s:

IGIS's Publication
13.

As set out above, the IGIS is likety to conctude her reviews into NZSIS's use of APP

and CusMod databases over the next few months. We will work chsely with your office as
she reaches the point of publishing her ?ndings.

\g?c?l?ec Cree 

Reinecca Kitteridge
Director of Security

Date:

   
   
  

 

 

  

I?ll/r?/Please 

 

H6 Finlayson
in charge of the NZSIS

""?Dlate: 11 MW 

 

.1- 
L. (Ji?i Lil." 

Page 3 of 3

 

 

 
 
 

   
   
 
 

 

   

New Zealancl
Security Intelligence
Servace

To i?fi Whaka maru mar-t1

 
      
  

 

Briefing note

 

  
   
 
 

 

Date 19 April 2017
To
From Rebecca l<?tteridge, Director ofSecurity

For your Noting

    
   
  
  

 

and use of
Part two

?8

      

 

 

Purpose

1. Today the Inspector-Gene'fai ot'ii3'jj?ntelligence and 'S'e'curity wilt provide you with a
classified report about ICT systems used for vetting
purposes. The will zj'?iStrib?te the ciassrfied report to a smaii
number of SSC and the Solicitor General)

on Friday 21 viill publicly; ell-ease an unclassified report on Wednesday 3

May. -- 

     

 

   

   

2. The pruril'fpoaseiof this 

outlina?ettfhe contents of the report;

in?orm NZSES has already taken to implement the
the report; and

fij'outline the next steps, inciuding communications with the public and key
sta ige'ii?e'id?is

 

 
 
 
  
  
 

was instituted under itt?t?dKii) of the Inspector-General of Intelligence
Act 1996 {iGlS Act). it examines NESIS systems governing the secure
"storage, accessibility and use of information about security clearance candidates.

The InspeCtor-General i?eieased part one of her report in April 2016. in that report.
the rnspectorsGenerai made a number of recommendations aimed at improving
existing systems for controlling and auditing access to vetting information.

 


tu?s?dUL 

Page 1 of 

 

 

 



[restrooms ..
ii 23 a 

3 a w?

 

 

Good progress is being made at adopting these recommendations. through a series
of operational changes.

5. This second report focuses on the remaining aspects of her inquiry, which relate to
the security of the electronic systems and aspects of electronic record storage.

6. introduced vetting systems between 2009 and 2013. The inspector-
General's report notes that although the took steps to identify an?di?iadigiress
security vulnerabilities at the time of adopting each of the four systemsfa formal
certi?cation and accreditation process was not completed. The 
accreditation process involves a formal security risk assessment.

 

   

7. The Inspector-General notes in the report that ?The certi?cation and accreditation
programme conducted by the NZSIS from June 2015 
several signi?cant security improvements made arounia h??tsame time, 
signi?cant assurance of the security of each it stands." -

 

 

 

 
 

8. The lnspector?General?s key a _e?s any 
in the vetting systems and to identify whether any past compromise has
occurred. Additional recommendations Elie Biggie-gibbout imp-roving existing
systems for controlling and 35-0955 to VEtEing
information inside the N2515. 

 

 

9. A number of steps have been or are underwayto address the inspector-
General?s part duo of th' "i?"can provide Sa?ssurance that}

   
 

all. ?at?

 
    
 

 

 

extsteps

  

12. We are now focused on embedding the full set of recommendations from the
Inspector?General. These will require a longenterm programme of work, in some
cases requiring changes to processes and systems to institute audit and access
controlsIIH Uul'n ll?FI?I?U't?u"

Page  

mosaics
23 Iii-"t 20:3


 

 

 

 

13. A broader update wili be provided to you neXt week on the overall Status of vetting
and the work underway on the Vetting Transformation work programme.

Communications approach

14. On Friday 21 ii the Inspector GeneIal will provide a copy of the public report and
the classified appendix to the Chief Executives of NZDF MFAT NZ Poiice SSC and the
SoiicitOI General. I will write to these Chief Executives to reassure them that they
can be confident in the secwity of NZSIS vetting systems. 1 ml! also pIovIde them
with questions and answers that they can use with their staff once the i
General releases her public i?EpOl t. -

  
   

15. On Wednesday 3 May, the Inspector- General will he: publi repor'ts'?and make
a media statement Following the release i will make a media statement available
on the NZSIS website. i have attached the draft statement this inefing. lwi also
write to the other public sector Chief Executives and the qucsuo I
answers for their refeI ence.

 

 

     
 
  

Recommendations

Ire 

1 Note the contents of report



Note the Steps aiready underway IoI-rimpiemeI-ii}
recommendations In the repo._.

i to

Note communications 

       

 

Rebecca L{Kitteridg'
Director or" Sec?urjity

Z?w

Hon Christopher Finlayson
MiniSter in Charge of the NZSIS

jg? ?w ?ay/3'2.

are}:
I?m uuni ILJLIH 

Page 3 of 4

 

.
23 APR 20i3 
we 3:

Draft media statement from the Director of Security

1.5 

 

 

 

i welcome part two of the report into the NZSIS holding, use of, and access to, information
collected for security vetting purposes and accept all of the Inspector-Generals
recommendations.

cli 
NZSIS has Am?rovements to security of the vetting system including regular ongoing
testing for system vulnerabilities 0i compI omise and strengthening access co 

   
 
 

All four vetting syStems are now certified and accredited There has beenzgrio ndication
germ-e of any breach 0: compromise of vetting information 

 

The inspector-General report notes "The certification accredltatlon programme
conducted by the NZSIS rom June 2015 to july 2016 seveial Significant
security improvements made a: ound the same time provides _a Slgoificant assurance the
secuI ity of each system as it now stands. 

 

     

NZSIS vetting staff take the responsibility of holdin :Ipersoii?al seriously.

 

i am committed to ensuring our vetting systems and piocesses'continue to comply with
government security requirements -

 






Page 4 of 4

  

   

 

DECMSS 

 
   
 
  
 

 

2 3 em 2% new "Z?E'Hm'a'tii? 
New Zealand
. Security Intelligence Service
ealand 00 Box 900 WeIIinnton
Security Intelligence 
Service +54 4 472 6170
Te Pa Whakamarumaru +54 4 472 3209

rlty.govt.nz

21 April 2017

Andrew itibbiewhite

Chief Executive

Department of the Prime Minister and Cabinet
WELLINGTON

Dear Andrew

 

Inspector-General of Intelligence anti SecurIty Report Review of
NZSIS holding and use of, and a 55 t9, Inf rmatton collected
for security vetting purposes

 
    

Today, the Inspector-General has SEHL an embaIgoecl copy of paat two of he report on
the Review of NZSIS holding and use of, and access to,- colI?ectecl for secwity vettmg
purposes Part one was released In April-2016.

 
   

 

The report contains ItIi?l? lnspector-Genetal' in relation to security
compliance and the adequacy of access iols fer the eiectionic record keeping systems
used ror vetting Information

   

NZSIS intI oduced fouI ICT vetting systems ljetween 2009 and 2013 The inspector-General?s

report notes?""that although the N2515 took steps to identify and address security
time of adopting each of the four systems, a formal certification and
accreditation process was no Icornpleted The certification and accreditation process
evolves aI Iformal seCtIrIty I'i'assessment

 

    
     

The inspector-I "heaters in the report that ?The certification and accreditation
procramme conducted by the from June 2015 to July 2016, together with several
significant improvements made around the same time. provides a significant

assuran' 'Ifthe security of each system as it now stands.?

 

   

All If vetting systems are now certified and accredited. There is also no information to

 

suggest there has been any breach of the vetting SYStems securIty

 

- 

cy u: tilt:

   

c. =an .3. ..

Li: [tuna-say avid" ulh?i?o 


?It/3. :th
?s

 

 

 


va'I?r 


Risi?w'mm

.96
Trunk," 

Page 1 of 3

 midst? i4 121



 

have accepted all of the Inspector-General?s recommendations and the will be
working to implement these.

i want to assure you that that the systems used to collect, manage and store vetting
information are secure.

i understand that the inspector-General will release the public report in early May; Following
the release of her report, I will release a public statement. have provided fu:__ther detail of
our response to the report below for your information. i am also enclosing uestIons and
answers document that you can use with your staff to respond to any you might
receive after the report is released publicly .. -

  

Security of NZSIS vetting systems

in term! 95225 to security vetting information

 

As part of her ryeview the inspector General undei took some testing of logged access data
NZSIS intemal systems to determine whether there had been any inappropriate
"access to vetting Information by NZSIS staff. There is no indication of any unauthorised
attess to vet 'ng Information

 

 

The report notes that although vetting staff ad here to relevant lT access
and have regard for the privacy of vetting information, this needs to be
supported, with better auditing and more access controls.

  

We Have taken several steps to further strengthen internal security controls around vetting
infOrmation including further limiting the number of people who have access to vetting
'"information, reminding vetting staff of their responsibilities, and reviewing some vetting
cases. We have also introduced regular audits of vetting files.



guns?nun; I L-U UIHLMI

_T?h 


Page 2 of 3

 

4dr 

   

 

?mg?a; :13
BL: 
. . 
23 ii? 20:8 :umczau 
N28 i 

 

 

As you will be aware, NZSIS has commenced a programme of work to transform our vetting
sewice. One aspect ofthis programme is redeveloping our vetting systems. I want to assure
you that the inspector~General?s recommendations wiil inform our plans for vetting systems
red eveiopment.

if you have any questions or concerns, please don't hesitate to contact me.

Yours sincei'eiy

  

Rebecca Kitteridge
Director of Security

Page 3 of 3


- 
73/ ?33 3 yin: 5 Cr: Mgr: -

 

necessitate a 7
5.
23 wet 20vii-ti
?Inuv I ?It55.5195 an: A 1.. a I: It? at"

5-5.:
a hq?t?wLJI'uIU 

 

 

G)

in



i?

 

 

 

 

esteem .. .. .- - -

 
 
 
 
  
  
 
  
  

New Zealand .



'l?e Ila ha 

 

Briefing note

 

Date 30June 201?
To Hon Christopher Finlayson, Minister in 
From Rebecca Kitteridge, Director of Security

For your information

 

Visual surveillance warrants aild'i'ti'rge'nt authdiijisiat-ions

 

Purpose

      

1? This note advises you king a visual surveillance
warrant or operating under an September 2017, when the

intelligence and Security ful?ls-after 

 

    
  

 

Background

 

2. As part of Forejgi --Fighters legislation, amendments were made to
the New Act) with effect from ?12 December
The lo of visual surveillance warrants to detect,

invesrigate; wruprev?nt a terrorist actand for urgent authorisations granted by the Director.
The quject to a s?'nset clause, with a rEpeal date of"! April 2017.

 

 

 

 

3 Although the -r]emzpirogis'ions provided critical new powers, they have been rarely
USEdSince 12 Deicenilggr?:2014 have approved one urgent authorisation and only four

have issued.

    

   

With effect 28 September 2017 the SA will continue to enable the provision of
intelligence warrants and urgent authorisations). The extends
powes . ..avisEi'al surveillance from CT purposes only to more general surveillance powers in
rgsibec? -. a person, place, thing (or class or') as authorised under an intelligence warrant,
also itith effect from 23 September 2017.

 
 

 
 
  

. - m. 

Sections 4lD-L'ilG, AC1

 

Nit-Leta- (p.213 Lac? CL ?3.ij Jo 

- Page of 2

E. ?H-teu" . ilk/Lt? cad-:5? RD .3 
x?l?l?il'i an!" Alt

 

 . w. . .





.J 4 w. 

 

 

striptease
23 are 20interim situation

5. With the repeal of sections 4iD~4lG of the NZSIS Act on 1 April 201?, the N2515 no
longer has the power to appiy for a visual suaveillance warrant or to utilise the urgent
authorisation powers until the relevant provisions of the take effect on 28 September
2017.

6. Although some provisions of the SA came into force on 1 April 2017 
and PaSSport Act provisions}, the relevant provisions empowering NESIS to conti?u
Countering Foreign Fighters legislation did not. This does not appear to have been:
decision but rather a drafting oversight. 

   
 

7? The powers that have lapsed have been used sparingly, and we h'Sipegthey will not be
required operationally before 28 September 2017. We are not seeiting a legislative solution
in the meantime. Rather, NZSIS will seek any warranted usual mannegan in
situations of urgency will look to use alternative Ministers? where-seeither 
Commissioner of Security Warrants is unavailable.

    

 

 

 

         
   
  
  
  

   

 

8. iwould be happy to discuss this issue with 

 

igelow ?halide/s2 

Rebecca Kitteridge
Director of Security

Noted I Diydss

l/

Hon Christopher Finiayson
Minister in Charge of NZSIS

Date: :2 "243/?

{wig-j . . 
1m lift it peanut/kl

lfv't?i'lr'i fifty; flJ/liwiETsz/?rg EM.
3 Umltj ?eitai?utml
ill/1t (par rota/r wt 
EOE/lewd [r 0010.; mail A

Mfg-?- fix/?1 Page 2 012


     
 
   
 

  

DEE: LhS?fdi: EIED
'23 APR 20i3

 

New Zealand

Secut ity Intelligence
Service

?10 Pa Who kamnruma r11

 

 

 

Briefing note

 

Date 6July 2017

To Hon Christopher Flnlayson, Minister In 
From Rebecca Kitteridge, Director of Security I I
For your information

 

urgent powers (qu2w ea: In,

 
 
 

 

Visual surveillance warrants and urgent 

   

Purpose

Further to my note of meeting-virithyou on Monday, 3 July 2017, I
outiine below additional detaii :clmo the ovc r510! means that visual suaveiilance
warrants or urgent authmisafio I vill-ISe unavailable the NZSIS until the Intelligence and
Secu: ity Act 7 ISA) taltes on 28 September 2017

  

   
 

Background

2. As part of the Countering Fighters iegislation amendments were made to
the New Intelligence SEIVICE (NZSIS ct) with efrec: from 12 December
2014' The ?mendments provided issuance of visuai surveillance warrants to detect,
Investigati: pievent a terrorist aIIct __anId for urgent authorisations granted by the Director
The amendments were SUDJECE to a sunset clause, with a repeal date of?: Wm il 2017.

 

   

 

With effect Iiom 2017 the will continue to enable the provision of
warrants and urgent authorisations). The extends
of visual. surveillance from CT purposes oniy to more general surveillance powers in
aspect or a person, piece, thing (or class of) as authorised under an intelligence warrant,

  

 

also with effeet ?jgni 28 Septembel 2017

  
 
 

period until 2? September 2017 NZSIS is unable to seek either a

You have asi ted how tnis oversight CICCUIFGCI. A review of the Cabinet papeIs

gecomunIs this was not a poiicy decision but an ovezsight. The Cabinet papers proposed the

 

SECtions ?Ito-4K3. NZSIS Act

?Minimal th I ., .
'thruuruwu In II i 

Ina-w 

nuu i ?nib ?a 

Page I of 2

 
 
 
  

 ED
23 AER 23:3


con?rmation of the Countering Terrorist Fighters iegisiative amendments The specdic
recommendations as to commencement and transitional prowsrons, however, iocussed
solely on the Passports Act 1992 and the Customs and Excise Act 1996 GT provisions. The
omission of any reference to the Act provisions within the transitional
recommendations was carried over into the drafting instructions prepared by DPMC. NZSES
did not identify the probiem until recently.

 

Hr?nw?npnm?n

W: 
1.1.37 



   
 

5



Allh 
MU

 

6. Accordingly this was nor a drafting error but an oversight arising within the Cabinet
recommendations and drafting instructions.

Operational approach



As discussed NZSIS rs not sees/inc a legisiative solution NZSIS 
legislative :ramewm it available until 28 September 20 [7

the I

8? i would he happyto discuss ?this issue with you further.

igeiaectac [dailies-nu; digit:
(3

Rebecca Kitteridge
Director of Security

I confirm and support the 



10er Beagiehoie 
Director 


No -ci I Discuss

Hon Christopher Finlayson
Minister in Charge or' NZSES

Date: 000ng ,Z?O?jle


. .

?wit-A 



?43: ?412: '53 

Page 2 of 2

  
     
       
  
  
   
 
 
 
 
   
   

 ma.

 

DE 
23 MR 2013
NZSES It; #:3333723

 

 

 

 

New Zealand
Security Intelligence
Service

Te PEI ?I?JhaltanIaI?u morn

 

   

avg-'Vebgyg - - -- I
9.252.?? 

?its?

 

Briefing note

 

Date zojuly 2017
To Hon Christopher Finlayson MinistEI In Charge frithe NZSIS

From Rebecca Kitteridge, Director or" Security

For your Information

 

 

NZSIS CusMod Direct Lea rt

 

Purpose

1. This brie?ng note Informs you that has completed the CusMod Direct access
Lessons Learnt Report and vviil soon report with the Office of the Inspector
Generai of al'id Secunty the Office of the PIivacy Commissionei
(OPC). -- - --

Background

     

2. Severe! ago an independent fact finding Ieview to
deteImIne how inSiS Impiernented the Foreign Fighteis Act 201:1 in relation to
hIstorIcei access to the CusMod database

 

3 FoiiowIng review NZSIS prepared a CusMod Lessons Learnt Report
"Setting out the system ssii?s identified In the review and the remediai steps the NZSIS has
taken In response

 

  
 

 
  
   

4. have shaIed the Cusiviod Lessons LeaInt report with New Zeaiand Customs and
where appropriate we have inciuded theiI comments

 

    
 

iease find the iinai RepOItattached. This IepoIt wili also be provided to OIGIS and

   

 

(mitts! a sauces-e he'd e: We Hes. Z'rza?ann fer-vie one or. Btu-r:- Inst-the ?(hi ?scalar-?I ?f are arm
good: and c=aft

pal-Inl-

n.
I I?ll; Lu




geioiQ

 
 
 
 
  
  
 
 
 

 

 

 

i335: ii" 
23 


[st?U I I 

IIZSIs

Key points

6?

Sharing and co 

7.
20i7.

8.
veISIon will be. pI Ovided (i With privileged legal materiai removed).

 

  

.. I The CusMod Iepoit
'betng pr owded In StIict Confidence and without waiver of priviiege

The CusMod Report is enclosed. The key points to note are:

ln December 2014, the Countering Foreign Fighters Act changed the scope and
nature of NZSIS's access to CusMod data.

  

The statut0Iy amendment and the associated administrative requirement
c0I rectly implemented by NZSIS at the time.

   
  
 

The primaly cause of non- -compliance is assessed to be the lack ofa dedicate NZSIS -
compliance function (a disagI eement in technicai understanding and communication
breakdowns between and NZCS).

   

NZSIS has now estabiished and implemented systems Saddress 
including a dedicated compliance function comprehensrve eve
compliance framework and central repository of to governmentai agreements

 

These compliance systems have been repeatedly and successiuily tested

    

The new compliance system ensured CusM' Ion compliance wes immediately
remedied and the new direct access: arrangements undeI were established

 

   

  

-l ssons from the CusMod

is committed to establishing and embedding thi- 
nctIons effectively, lawfully and

experience to ensure we peIfoIm our Statutory-'3
appropiiately

   
  
   

 

New Zealand Customs has stated that it happy with the current state of

coopeiation and in or: atIon sharing with 

 

 

  
 

 

InIcatIng the Lessons LeaI nt RepoI 

 

We intend- mto share the report-With the OIGIS and OPC in the week beginning 24 July

   

Some of the? material' In the CusMod Report Is legally privileged therefore a redacted

  

i be provided to un I?,edacted but with a disclaimer that

understand that he OIGIS may use or refeI to the Lessons Learnt Report in their Annual
Report. We will work with your office to provide communications messages should these be
reqUIred 

 
    

Nopz?/ Discuss

lit?? Ii.- {iv/J I 1mm

 

 

15?
Kitteridge 0 Hon Ch riSIopher Finlayson
ector of Security Minister in Charge of NZSIS

Date: If 257%

nr-n-r-ngn-r-r-I-n

. 


Page 2 of 2

 

 

Page ?1 01'19

   


3mg. 9. . .

 

 

Joi
Date

0
From
Foryour
NZSIS Vi

nt Bri
Ni

efi
Re becca Ki

 


23 EDEB



Secur
Hon Mi

14August 2017
Hon Chri

 

 

gel Bi
Informat

ckle
ion

tte ri

Te Pa
sa Screeni

 



 

ervice
ng Note

\mrza

   

stopher Fi

Whakamar
dge,

New Ze aland
1



chael Woodhouse
Di

ty Intel]
Deputy Chi

.

ng& 



 



       

               

ulna:
nlayson,

?9 

5-:

 
  

Mi

lgence

Mi

I'll

a

ef Execut

n1
rector of Securi



D:

a
.r

  




nriw.? 

        

IVE,


  

steri
ster ofimmigrat
ty
[mmigrati

Charge ofthe NZSIS





 

on New Zealand

IMMIGRATION

NEW ZEALAN 

 

 


a
U)



U-
?l

 

  


23 MR 20%
NZSES

 

nr-nnl?I-nhw


   

tit-IND ES L'r" ?53555?

2:
n:
I:




3:

a

 

Annex F: Proposed NZSIS Compliance Work Schedule

39. {it} The compliance team plan to conduct the following steps to review the
national security screening visa and MP processes within the NZSIS:

. Review the current operational guidance and training material for the-National
Security Check process and the APP alert system.l This Includes: 

    
  

 
     
 
 

Policy- National Security Checks
0 Immigration NZ Instructions - Requirement not to pose potential security
risk

 



. In, Conduct a "walk through? of syStems to cenfir"
documented in operational guidance.

 

 

are operating as

- (R) Discuss with resp nSIbie-staffmembers 5
la; - tam their level of awareness and applIcatIon of operatIonal
guidance and to Identi?/ any potentIaI gaps in controls.

 

   



- Ia, Provide written assurance as to the level of compliance and awareness of current
operational procedures, Identify any gaps and recommend areas for improvement

 

.13. 3- .. 

"i??fh I: cu 

4? 

Ul?u?d?l?l-Il 

Page?iB of19

Page1 of?

.2;th
Cl l?Lrl 

EH

     





 



?341

ND

 

'1?on



 

 

wax?w



 

an

53352 

 

NZSIS Quarterly Report Zjune to 1 September 2017- Cor. lorate

 



We:

 




19??

g.

 

. 232$

?ea

     
  

Securi


New Zealand
e1~v1ce

t3! Inten


1gence

 

 

 

 

 

 

 

 
 

 

 
 



 

- 

1?.va .. Mr

Page 4 of 



as Usual. demands

operat

 



September

processes (such as IT, finance and-H WI

'll-b'e'i



Kori

ti

sat'

rectorates wi
ing,

 

?ance processes Whi

rbu?
ng the IEgislati

on change and 





 

a nd gave:

th en _-recru_i

 

 

 

lied pesi

Our key chailenge is to sustain change mdmentum change implementation. Systems and
place to's'u_pport the new structure by the end of

 

 

ma nagi

ons and refresh

If?.


Di

   

 

 

 

 

tun?

 

ti

   

 

thei

ness pl

.

anmng,

 

 

 

 

 

 

 

23 203

in







EED

 

 

I 14?!

 

The 

2555 recogni

{Ids-9: -eg-
Ul?





ses the value of work of the 01615



and we conti

nue our constru cti

we and
Page  Ilw-?- we .. m. . .

v.4.q.m~onhmm.mmpn4 .n . .c ..

 



23 #5131 0 l?f??i 
I i. .. a, min-4a. ..

 

 

. ?ill-Kw": - crayaagmw
I thI?al 1 
ia ?1.33 it a? . _a g.
?33. 23 nilopen working relationship. The volume of reviews, inquiries and requests have involved
significant time commitment, particularly from legal staff. At a time when legislative
implementation work is also a critical this places a substantial workload on NZSIS.

:19- flu-IMJ}
??7.21 mi Uri?f! - 

ill! t?upfd: es

 

  
    

    
  

    
    
  

     

    

 

    

 

 

 

   

{Compliance
(U) The NZSIS Compliance Framework has now progressed from the
monitoring, reporting and continuous improvement.
The 2015 Review of Compliance at NZSIS identified a lack of toolsand prociesses to support staff in
their roles. We have now responded to all 45 recommendations the 2015 Review. As at August
2017 has: 
. Implemented a Compliance Framework and a Policy Frarii'eworky-g
. Established and resourced a dedicated Compliance a?i, -
. Created a?s?ln?gie and accessible source of truth to operational-iipdlicy and 

stare -

    

 

     

   
   

 

     

 
     
 

 

  

 

 
  

 
 

r.

Conducted a legislative compliance ?'ufve? ystemsandiprocedures to support
legislative compliance, 
. Encouraged a positive compliance cult?rezthg?ugh regu'lar-iggnta'ct with operational staff. There is
evidence that compliance is an increase in requests for
compliance advice and the speed with which suspi?gt?ea incidents are reported, and
. Developed a compliance audit; pirogijaimme and commenced auditing of operational areas.
in} Although the number of compliancemi?cidentsis red?ciri'g, we recognise that they will continue to
occur. NZSIS now has for incidents and guidance in place that will
reduce the likelihood of recurre?fcef The Team will continue to play a lead role in

reviewing and guidance 5nd remain vigilant to ensure it remains fit~for-purpose



and aligns with legislatl??n.


  
 
  

 

 

 

   

gun-n..? oo-d? ?hm?v



Page 8 of 7

 

 

525

.l

 

 

 

 

 

 

 

   

23 APR 2013

 

 

   

 

{11?

gence
LI

1
um



?W%?d1

Whakamal

New Zealand
1
Vlce
a

Secur
Ser
Te 

       
 

      

   
 

@M?l
31,

ee~

 

      

 

 

Covernote

 

15 December 201?

Date


ible for NZSIS

ter Respons

15

In'



ttle

Hon Andrew 





i

General of Secur

Edge. Director?

tter

i

Rebecca 

From

Ion

Informat

For your

 

         

NZSIS Quarterly Report

 

tak

IHCE

 

ith thef

I am pleased to present you 

 

in?g up your role
and updates you on the

         

it"s-Hand pr

irst NZSIS Quarterly-Report 

 

ies;

Ol?





att'

ional

operat

iefs you on 

is Report br

Th

 

 

     

     

 

 

 

  
 



 

 

draw-your atte nt

3 'o
?5 3

.9 



mac:-

3'0

3L3
1110.]
9.1373
U131:
e09


3553

.233
eiag
U1
ELL-.0
mg?"
?02-
5'59
034:
E'm-o
00.:


*2
03:0



mag
33?


econ?
?egg
Egm
9mm

Um
CNS
00m?
$13ng



IMGC
?tipanag



9?15?}



gen

ks the a



 

 

4.33
[3.1

or?
0

Fragr-


Page '1 of '18

Page20f18

          

- 

v. urn. nut?Iq"'

 

   

    



     

Hm
Kymthei



           

Revi

ng that ea:
ew of

?lieri

 

Compiiance.

the ye

Ail componen

ar NZSIS had responded 
ts

of a robust Compli

ail 45 recommendati

ance Framework are

ons made

 

 

 

3150 werth noti

Compii

A

5

ence Update

 

 

 

 

?wcma- -r



wn-u?Aws'


.., 

Mg?



?byw-

 

 

 

 

 

Corporate Update 1 September to 30 November

 

 

 

 

 

 

 


23 APR 2&8

133? 

a



U1




cl
Lu"!

I 


 

 

 

 4.-.

Page 6 of 18

 

nnc-cl-?i?II . ..

 

  

 

able to manage the overs:

nto 

he next quarter.

 

     

programme i

ness and respond?

ons for NZSIS and requi

progress wi
to i
1

fit] nqui"'

r1

9

 

Implement the EA has hadrresource i
ncluding legal servICes to the busi

ng tot

he OIGIS.

However,

NZSIS Wi

ustment of pri

conti

nue to be

 

 

  

ance framework and 
mpii

FEVIBWS.
CE tl

red readj

ori

cant work requi


ies



  

 

 

     

     

 

th-Our compli

nuesfto regularly engagewi
and her regLrIar warrant

   

mplementati

on of the ISA. The Si

gni



red

spec:



ce


95

In addi

respect to her on goi

ti

on regulariy updat

ng work programme and
as the on




Reso L1:

 


:r
9..

:5
at:



 

 
 

   

 

 

 

th the 



.on 


 

 

 

 

a5";

?51
-. w? .
.vlf?b

. v'xg

 

 

 

 

23 APR 20:8




If 

uh

I.
I



 

Iva-w



25

 

w:

o?

mszifw?k?:




rr

 

   
  
  

 



  

NewZealand
Security Intelligence
Service

Te Pa Whakamaru maru

Briefing note

 

Date 12 December 2017 I
To Hon Andrew Little, Minister Responsible for 
From Rebecca Kitteridge, Director-General of Sec
For Your information

 

 

final report into and APP databases

Purpose

  

i. The Inspector-Geneial of inteliIgence and Security will soon publicly release
her findings of a review of the New Z?aIand Security Intelligence Services (NZSIS) access to
information collected by other government agencies nder the Customs and Excise Act
1996 and the Immigration Act 2009 I 

   
      

2. This report is likely to draw medIa attention This briefing note provides you with
background to the Iong issue and _"cludes NZSIS 5 response to the report.

   

 

Summary 
3. key-Ipomts 

 

 

4. TheIICusMod databaseioperated by the New Zealand Customs Service) and Advance
Passenger Processmg (APP) (operated by Immigration New Zealand) are the key systems
hat allow to cieIermine whether peepie of security concern are entering (or

I departing) New Zealand They are critical to operations. .

 

   

   

The IGIS as?been reviewing historical access to CusMod and APP since 2015.
She __Is to issue her final report shortly (probably tomorrow]

    

IIThe-Ireview has taken several years. In essence, there were highly complex, novei
and disputed legal issues under old legislation around whether certain government
agencies, including NZSIS, could have direct access to the data contained in these systems.

Page of 6

 
  
      
   
 
 
 
 
     

 
  
  

 



 

8. The law relating to S?s historical access to CusMod is, even now less clear The
considers that access to the CusMod database pIior tojune 2016 was unlawful
Custo Ited by the i615 until yesterdaysgl

 

         

     
 

9. The legal questions are genuinely complex, but at the same time NZSIS accepts that
it did not properly implement the amendments to the Customs and Excise Act-t

 

  
 
 

 

administrative steps which were not properly completed. Itself Identified this issue
and selfnreported it to the iGiS. also conducted an internai investigation into the
compliance Issue and provided a "lessons learned? report to th6 

   

10 In her report the recommends that we work With er office and th Of?ce of
the Privacy Commissioner to consider how any opium obtained data should be
managed going forward. That recommendation provide a praCtIcai way forw" ?d to finalise
any remaining iegal and practical questions

 

   

11. The 1615 commenced her review in 2015 has been In- reguiar contact with
her and the Crown Law Of?ce about this IssLIe since then. The? Hon Christopher Finlayson
was kept briefed throughout the review process 

 

12. The intelligence and Security Act 2017 (the has explICItiy clarified and confirmed
iegai authority to access both databases The legal and compliance teams
have worked hard to ensureithat access is compliant with the ISA.

   

 

   

13. NZSIS accepts the iGiS 'i'recommendatIons and work with her office and Crown
Law to address any further necessary step

 

 

Background

14. The eview has a long history and involves a number of compiex iegai issues
(please refer to the attached timeline). Between November 2014 and March 2016 there
were a number of discuss'ons and exchanges between NZSIS the i615 the Crown Law
and other goveI nrnent departments aboutthe CusMod and APP issUes.

 

 

 

 

received APP travel data from immigration New Zealand since August

 

 

iThe issue is about whether NZSIS can treat historicai APP data stores in accordance with the reguiatory regime in the
and Security Act 201 7.

Page My?, 

   

 



 

 

 

 

DlviSi'F-CbE-l s16

16. NZSIS has had direct access to CusMod data since 1997. Cuslviod contains
information about border crossings by people, goods and craft and is an essential source of
intelligence for Prior to November 2014, NZSIS accessed CusMod for two discrete
purposes: ?travel alerts and intelligence searches'. This allowed NZSIS to be automatically
alerted when a person of security concern was travelling to New Zealand (travel alert), and it
meant NZSIS officers were able to search the database for information to pursue leads in
investigations (intelligence search). inteill lgence searches could be focused on any security-
related purpose, such as counter?espionage or counter?terrorism. The access wag provided

  
         
     

   

the e; ssitv

  

18 Given the importance of

government agencies
achieved through an amendment to the Customs and 5.3 A in December 2014. The
amendment allowed NZSIS and the New Zealand Police directly access CusMod to search
the database, but only for counter-terrorism Investigation purposes - any other purpose
was considered to be outside the scope ofthe: legislation 

   

  
  

 

19 NZSIS disclosed a copy of Crown Laws; draft advice Ito-i who subsequently
initiated-la review of access to CusModgand ostensible similarities APP 

 

    

   

 

20. As required by amendment NZSIS entered into a Memorandum of
Understanding with NZCS to govern its direct access to CusMod Unfortunately NZSIS later
realised that it had implemented this incorrectly and, among other things, had not
limited access solely to goonter- terrorism investigations. in addition some administrative
requirements were not fully complied wath

 

   

21. An internal investigation found these errors happened because of the lack of a
formal compliance framework within NZSIS and a lack of understanding by staff about what
was legitimate access identified Elgese arms and alerted the to them. The use of CusMod was
jUSted to ensure NZSIS complied with the as required by the iegislation.A A"lessons
?learned? report which did not include the staff performance issues but did address the

 

system issues) was-"extracted from the internal investigation and provided to the 

    

Between May 2015 and Ma: ch 2017 there was considerable back and forth betwe
the lGlS, and Crown Law on the relevant legal issues?9 (2 K-

Page 3 of 6

 

    
   

 ME.

24. The passing of the has confirmed the legal basis upon which NZSIS can access
Cuslviod and APP, and has been careful to ensure that it has implemented the new
legislation properly.

lGlS's findings and recommendations on 

25. The IGIS has now finalised her report into the Cuslvlod issue. it is due for public
release prior to Ch ristmas.

25.

   

unlawful if the is right (and there is no final Crown Law opinion on the issue" at this
point) then access to CusMod was unlawful both prior to thee-'22 law change as

 

well as after it when failed to correctly implement the amendment The 

considers that access over this time was ?systemic unlawful-access on a large scale

  
 

 

27. The does accept that once had completed I Internal Investigation into
the implementation of the 2014 amendment NZSIS chan? its processes 5 ?that it access
to CusMod was compliant from miti- 2016

 

   

28. The states in her report that it is ?troubling" that the was unlawfully
accessing the database following the November. 2014 law change. because it was at that
point expressly ?on notice? that its access needed __to be properly empowered and regulated.
She ?nds the failure' in this regard cant and? hard? tQ fathom?. As stated above,
while the law remains complex under earlier legislation, fully accepts that it
did not correctly implement 2014 ?amendment; it self?identified this issue to the 
took steps to investigate it and to ar "from what had happened

     

29. The 1615 also states hat failed to provade it with certain original unredacted
documents. specifically. independent report 2c0mmissioned by to investigate
systemic and staff Issues oncerning Implementahon of the 2014 amendment and certain
internal iegal adVIce

 
    

30. The;iGlS ma __es the foilowmgt recommendations.

 

Investigate and report to her on the extent to which it has iliegally
?accessed 

 
 
   
 
 
  
 
  
  

_.Uss and agree remedial stat35 With her and With the Privacy
omrrliss'ioner in relation to that data; and

satisfy her that there is a clear basis to retain the APP data obtained
pilot to 1 April 2017 for the purposes of using it as if it had been obtained
under the if and until that has been done. the data should not be used in
any way by 

 

31 The wants to receive substantive responses to her recommendations within
three months from the date on which she provided with a copy of her report. is
happy to accept those recommendations.

Page 4 of 6

 
 
   
    
  
   

.. 

 

 

41?.

NZSIS's response to the [615 on CusModePP

32. accepts all of the IGIS's recommendations. We will be working with NZCS and
Crown Law to determine the extent of any unlawful access in relation to CusMod, and
working with the i615 and the Privacy Commissioner as to the management of any
unlawfully obtained data.

33. NZSIS notes the iGlS?s criticisms of our engagement with her of?ce. I can assure you
that did not intend to obstruct the iGlS?s inquiries. provided he 'WIth of __the
majority of the information requested, but we did exclude disputed internal st
for reasons of procedural fairness. in addition, with the knowiedge of practice
has been only to provide her with finalised internal legal advice, drafts

 

 

34. Regarding the total volume of access as the notes earlier in her report (para 21),
the scale of access is not known at this stage. consider at the scale of access
should not be described as ?large scale? because CusMod used-to coliect mteiligence
about pre identi?ed persons of security and intel rice interest. i'ii'his "w not
indiscriminate bulk data collection.

 
 

 
 
   
 

35. it Is disappointing that failed to correcti Tmplement the 2014 amendment At
that time however the agency had no compliance team and relevant systems were
extremely week. A subsequent internal investigation in 20 7 found Ehe reasons for the
error included: -- -

 

 
    

 

- the lack of a formal compliance framework

 

. a misunderstanding by .. 2315 staff of what ?direct access'; and

  
   

 
 

unsatisfactory-en ment With NZC5:

36. has; done a 1ot of work to Ehese issues. A huge amount has been done to
improve the agencys compiiance With the law and increase its capability The core issues in
the iGlS?s report were identified by and proactively reported to her office by the

 

38. wi work with the iGiS and other relevant agencies g. NZCS) to address her
recommendations

 

munications

The Communications team in the Joint Directors-General Of?ce has worked on a

pian for the release of this IGIS report, and other iGlS reports which are

?also due for release prior to Christmas. We will work with your office to share our planned
communications.

Page 5 of 6

  
  
 
 

 

-.. 

DMS lift-f? 1 3-6

Recom mendations
it is recommended that you:

1 Note The iGlS will shortly publicly release a report about Yes/No
NZSIS access to CusMod and APP. NZSIS accepts
the lGlS?s recommendations.

2 Note NZSIS anticipates the report will generate media Yes/No
interest due to the finding of unlawful access

 
   
 
 
 
 

3 Note will work with your office to ensure you are Yes/No .
well briefed on our communications approach --

 

Rebecca Kitteridge
Director-General of Security

Comments:

 

Page 6 of6

 

. . ..

 

accuser-m
23 see 20:3
scrotum
3% :3 8 Dresses-1.NewZealand a? 

Serwce
Te P51 

 

 

 

 

 

 

 

 

 

  
   

   

Wawmassm sew/2W

Briefing Note

 

Date 12 December 2017

 

To Hon Andrew Little, Minister Responsible fo 
From Rebecca Kitteridge, - 

   

For your Information

 

1515 report on the legality and Warniggs gvenby 
response

 

Purpose

 

1. The has indicated?th?e reporter} the lggalityaqd propriety of warnings given by the
is likely to be released 13 December.

 

 

       

2. This briefing na?provqes?ieou Wii 9'

 

 

- An 

Anoutlineof response to the lGlS?s recommendations in her
.332}: re 0ft:

        

3 draw media attention, we have developed a communications
I fort-the rei??g?'QfE?iiS IGIS report. We will work with your office to share our planned
i

  
      
  
  

The giving of warnings by declared officers of the to members of the public is

a relatively rare activity, which is aimed at deterring unlawful activity (such as
travelling to Syria to join lSlS).

b. The has completed an inquiry into the legality and propriety of warnings given
'39i2il? W. a

   
 
 

   
  



5.. v.
bum?: the.? 

Page 1 of 

 

 


2 3 28:8 
i 

c. The 1615?s report, however, contains a number of recommendations about the
constraints that should appiy when NZSIS undertakes this activity. Broadly speaking,
the constraints are designed to ensure that a recipient of a NZSIS warning is
absolutely clear about the role of NZSIS, and that considerations of natural justice,
human rights and procedural fairness are incorporated into guidance,
training, and operational activity.

1-3.3

 

 

 

  
  

 

d. NZSIS agrees with these principles, and in fact for some time training and
guidance material has incorporated features of these principlesi?
continues to strengthen its training, guidance, standard operatingtpijocedures and.

explanatory material in line with the lGlS?s recommendations.

 

    

    

 

e. in some instances NZSIS considers that, for opglgajgional reasons, C'egtain
recommendations should be implemented in a 'a'ffei'ent way =':than that
recommended by the iGlS. ..

    
 
  
 
 

 

Background

5. ?6(5

     

  
  

 

6. The complained to?'the Ombudsman about the search. This
complaint was The former IGIS concluded that the NZSIS
had a lawful allowed re and powers of entry to the residence.

 
  
 

   

.. was impermissible as it was ??s's'a?tei?iy
?Tenf??rcemiaarIE and reggmmended that any practice of giving planned warnings cease until
an; pjn'iorffrom obtained. in May 20M the current iGiS initiated an own
tion in?uiry into'lthe practice of giving warnings.

  

Page 2 of 9

 

 



 

DECLASSIHEB

A .1 Wm 
HutJune 2017 the 1615 provided NZSIS a copy of her draft final report into warnings
After extensive consultation with NZSIS the is now ?nalising the report. The iGlS has
indicated that she' Is likely to release the report into warnings on or around Wednesday 13
December. -

 

Can be _a

  
  

12 The report acknowledges 59(?2Xh

listed in Appendix A on page 7). These recommendations __set out her views on an
appropriate mechanism for the to issue warnings Speclf?cally, they-g; ocus on
incorporating procedural fairness practices into the operational actiwtles and On
informing the subject ofa warning of their rights and theiroleand function fthe NZSIS

 

   
 

5 response to the iGlS's inquiry

 

13. agrees with the principles on which the bases her. recommendatIons and has
fully accepted 8 of he} 14 recommendations. -- --

 

  

   

15 it is important to note, hat the practice of giving warnings, such as the
examples outlined above, is not often use ?by NZSIS. The [(315 in her report on the inquiry,
has identified? no more than thraee __or of planned formal Warnings being used
by NZSIS There may be Instances {that have not been identified of informal warnings
coming up dunng NZSIS officer?s conversations with people they engage with in the normal
course of Operational actIvIty

    

16 the frse the lGiS?s inquiry, NZSIS has ensured that the training and
that staff recere when it comes to the practice of Issuing warnings is consistent
with the Crown Law dvice. Internal human intelligence standard Operating procedures
the Issumg of warnings have also been issued and these procedures are

currently beIn revrewed

 

 
 
  

 

 

17 NZSIS has also updated its existing information sheet (provided when an overt search
under wairant is executed) and is developing updated material for website about
the rple and functions of NZSIS to ensure that it iS more accessible to the public.

 

 

 

"vs-w e. -. war-f-I-it-?I-zf 
1 me.

Page 3 of 9

 
   
    

 

 

 

 

BEETMSEIHES
23 APR 2038

NZSES a . . 

18. +n-ao?dit recen issued Ministerial Policy Statement on "Collecting information

lawfully from persons without an inteiligence warrant or authorisation given under section

78? (MP5) emphasises the need for to ensure that in situations where 

engagement with an individual will lead to it making an assessment under its statutory
functions, procedural fairness requirements will apply, including:

 
    

A I ?an n. all: 
3; s. '1le {Va 3.. 3-945?; 
what'ti 

1-13

we

 

 

. NZSIS must make reasonable efforts to ensure that interviewees undergta'nd that
an interview is an opportunity to provide comment to inform ass??Ssm?ent;

. The purpose of the interaction, the voluntary nature ofan interview
any enforcement power should be made ciea r; and

 

19. Accordingly, NZSIS has taken considerable steps to strengthenitsproced
the same time the statutory regime has become much clearer and-"more trans?are

NZSIS accepts the principles of the zecommendationsbut Sizes not
accept all of them in their current form -- ii

  

20. While NZSIS accepts the principles underpinning in some
instances NZSIS considers that, for should
be implemented in a different recommended-by the 

21. The difference between of the is not very big, but I
consider that the for wanting to implement the
recommendations than .?ontef?pl??ted by the NZSIS considers
that it must have deai with unexpected or urgent
circumstances. ..

22. For example, ifiia :?lt?eiclared stalking to a young person who spontaneously
reveals are consideri?g? 'it'rayelling to Syria, providing a written hard copy
roles and rights-to that young person may not be appr0priate (and
in fact may That young person may be more receptive to the
rolesand the same information is shown on a mobile device.

23 Theseconversationsan be very delicate and may need the careful judgement of a
tr?inedNZSiS gfficer to o'hvey the criticai information appropriately, taking into account the
ratheri ?one size fits ail? approach. The NZSIS officers, who carry out overt

  
 
 

searcheggof a ubject of interests premises, engage with members of the public (including
iritiestigation) or issue warnings are well trained to deal with these situations.
where we differ on the specifics of implementation, we think we can meet

?spirit of'the lGlS?s recommendations.

ppendix A sets out our position and expianatory material in respect of each
"??recommendation.

un?t?! runway-1?! In?, 
we. My, .. 1? 
awn-?aw: 

Page 4 of9

 

     
 
 
  

 


23 28%?
i 3 If? presses-1.13

 

 

 

39 2x5)? 

 

26. wili always prefer to reach agreement with the on a form of
recommendations that NZSIS can implement while maintaining operational effeCtiveness,
but that has not been possible in this case. We are not unique in this regard' various
agencies over the years have diverged from Ombudsmens recommendations It hose

   

 

27. This is, however, the first time that an agency in the NZIC has fully actepted all of;-
the [615?s recommendations in a report in their exact form coupled with general 

Communications

 

29 The Communications team in the Joint Directors General Office has worked on a
communications plan for the release of this l__,GiS, report and other reports which are
also due for release. We WIli work With your office our planned communications.

 
   
 

Recommendations

30. it is recomm??i?ed,?ii??t you:

 

 

  
 
   
 
 
 

he inspector-General of intelligence and Security (iGlS)

ublish her report entitled ?Legality and
fwarnings given by the New Zealand Security
Service" on or around
13 December 2017

 

  

NZSIS accepts the principles behind each of the lGiS?s
recommendations, but does not accept ail of the
recommendations in the specific form proposed by the lGiS.

 

 

will, however, strengthen its internal policies and staff
training to ensure that the practice of giving warnings is
consistent with the principles behind the iGiS?s
recommendations and the Solicitor-General?s advice.

 

 

Page 5 of 9

 

 

occmsozmo . -- WW 

 
  

23 APR 20:3 I . 
.. ?uuwf-zumunm:
.16

 

 

4 Note

 

 

5 Note NZSES will work with your office to ensure you are weii
briefed on our communications approach.

 

note 
4inEter-3-13.12.17.

 

  
  

Rebecca Kitteridge
Director-General of Security

 

Hon Andrew Littie ..
Minister Responsibie fort-the 

   

  

4 3339.3.3?354 :95 51:52:19 31331-1.



Page 6 of 9

 

{ii}




 

A?cil-l?nl-?Iff?l _al 
awfu? inn?sq uu 

0? Jr,

  
       
    
   

APPENDIX A: Summary of NZSIS's response to each Recommendation

31. The 1615 makes 14 recommendations as follows:

 

 

 
 

 

. N515 must avoid undue interference with __c_lvil rights "such as war'?ngh
a recipient nut to attend a plate of rEligious ob5__c_rvancc or protest;

 

 
 

. must avoid ambiguity." far exampte Eeferring__ to potenlla
adverse consequences in litpada ins that teave th? to;
speculate: -.

       
 
 
 
 
 

   

-, NZSIS must avoid. imp _c_p purpo e, for example suggesting that the
NZSIS may act faVourably "or unfavourablyf 1n r?latlon to a recipient's?
immigratian__ application __hen the content f_ the warning Is not;
related to that apphcatton. 

  

       
      
  

 

llfih?hi'l?l 
"1-wa? 

PageTorEl

 


23 #39? 20:8
e? NZSES 

 

 

 

 

  
      
 

?Inspe- 

The'?N ejpp'i

      
    
  

 
  
 

   

t. ?Ht-3n!

It position shouId be that the recipient of a warning isgiven a copy 
of the lnfonnation sheet to retain. In those cases where the" ISIS he's
identi?ed a speci?c safety risk from retention of the 
shouid: 

 
  
      

   
  

 
 
   

      
  

. be provided to the recipient for the entire Icourse of the Interview
before being taken back and

 
  

    
 

 

- the recipient should be told that 
publfc on the N2515 website. 

 
 

a I..
I this?

Page 8 of 

 

 

oer; esseieo

NZSES 

 

 

 

  
 
 
   
 
   
 
   
    
 
 
 





NZSIS shouid incorporeie procedure! fairness obligations into its guidance for 
interviews where rights or interests are in issue. Further. as a matter of good 
practice. general guidance for inrerviews should address how to provide for
prior notica of the interview andlor deferral, and advice on the right to a
lawyer. There should be speci?c guidance on dealing with children and young

  

  

Hwy.? .. ram-Hanan! m- u_ a. 

'fo'c'i around in harterm 

    

    

NESIS clarify 1? cers have no power to:

incorporate the safeguards i have Identi?ed here into Its procedures
and provide accessible guidance on 3he NZSIS websrze for the pdbiic about

     
 
   
  

lFt??Il'l'l?t
- 2--

Page 9 of 9