Gordon Campbell on the Ian Fetcher resignation, and the GCSB’s new role
Like most events in security intelligence, the resignation for “family reasons” of GCSB boss Ian Fletcher has got (a) a
simple straightforward explanation and (b) a complex, conspiratorial one. It may well be that after being
shoulder-tapped in Queensland for the GCSB job, three years of living in Wellington has been enough for Fletcher and his
family, given that the pending review of the GCSB would have required an even longer commitment from him. Three years of
Wellington’s weather is enough for anyone.
The more complex reason ? No one currently knows what the review of the security agencies is actually going to ‘review.’
Rather than a routine five yearly WOF process, it could well involve a total revamp : but at this point, the government
isn’t saying anything about the scope of what it has in mind. Working backwards from Fletcher’s resignation though, one
can speculate that a merger of the SIS and GCSB is on the cards. Perhaps Fletcher left because – on his CV – it looks a
lot better to be leaving now as head of an existing organization than to hang on and be the guy whose job has been
disappeared in a corporate reshuffle. Old school chum of the PM that he may be, Fletcher would be the underdog in any
contest with SIS head Rebecca Kitteridge to head a re-configured spying mega-agency.
The dubious rationale for a merger of the SIS and GCSB can wait for a later day, once it becomes clear whether that goal
really is on the government’s agenda. Given that the SIS and GCSB have different roles – one is supposed to protect
domestic security, the other is supposed to concentrate on international signals traffic – a merger would be bound to
add a round of bureaucratic musical chairs to an already confusing mixture of terrorism, corporate espionage and
state-to-state eavesdropping. A merger would not solve the basic problem that has dogged security services, here and
overseas. Basically, the spooks don’t need more intrusive powers to gather information ; they need to be better at
interpreting the information they already have. As things stand they either create a threat where none exists (eg Ahmed
Zaoui) or under-estimate the threat that does exist ( eg the Kouachi brothers, Man Haron Monis). The main problem is one
of interpretation, not detection. Would merging the SIS and GCSB increase their ability to get it right – or would it
just concentrate the capacity to get things wrong, in fewer hands ?
One thing we do know – because SIS Minister Chris Finlayson said so – is that while Ian Fletcher was at the helm of the
GCSB, he oversaw the installation of the Cortex cyber-security system.
“His tenure has seen New Zealand’s national security enhanced with the approval and initial roll-out of the Cortex cyber
security programme for the New Zealand Government and critical infrastructure organisations.”
Cortex is a menu of tools and services. What Fletcher has revealed about it so far is that it will engage the GCSB in
providing corporate security protections to the private sector that (a) the firms involved should be paying for
themselves and not getting the taxpayer to provide, via the GCSB and (b) that will inevitably entail the sharing of
secret intelligence with the private sector that will continue to be denied to ordinary citizens.
Fletcher says Cortex is a set of tools, rather than a single product, designed to protect key organisations in the
public and private sector from cyber-attacks launched from overseas.
"I'd get into trouble if I said exactly what it does, but…that menu is adjusted to reflect the circumstances of the
organisation we are dealing with."
The criteria organisations need to meet to qualify for Cortex' protection are also secret, but it appears significant
economic targets as well as vital network utilities may come under its umbrella. "We have looked very broadly," is all
Fletcher will say.
Vital network utilities? Like say.. Spark? Kiwirail? Chorus ? Fonterra? If the GCSB really is well down the track to
becoming a kind of mega cyber-security firm offering tailored services on a confidential basis to selected corporates
deemed to be of vital national importance – and with whom security intelligence will presumably be shared – shouldn’t
there have been some debate about this beforehand? In practice with Cortex, how will the GCSB decide what security
services its corporate clients should pay for, and in what circumstances the state, via the taxpayer, should pick up the
tab? Will a joint payment system apply, for services rendered ? When did Parliament get to sanction this new
entrepreneurial role for the GCSB? Normally, the centre-right gets very upset whenever the state crowds out private
enterprise. Not a peep so far though about this example of the process. And Cortex really is breaking new ground, beyond
business as usual for the GCSB:
"The approach we have taken has been a New Zealand specific-one," [Fletcher] says. "New Zealand does not have a big
indigenous defence supply chain so we have been in a position where we have been able to think broadly from the outset.
"But everyone I talk to, both our close partners and others, are really focused on answering the question of how
governments provide the 'public good' that is called 'defence' over what are broadly privatised networks and global
flows of data.
And thus, private enterprise gets treated as being synonymous with the public good. Too big to fail became too big to be
left to defend itself. It’s a brand new notion, as Fletcher intimates, of what constitutes “ defence.” And as we
approach the 100th anniversary of Gallipolli, it seems we are all soldiers in the service of the likes of Spark, now.
ENDS