IGIS report on NZSIS access to CusMod and APP data
IGIS report on NZSIS access to CusMod and APP data
14 December 2017
The Inspector-General of Intelligence and Security, Cheryl Gwyn, has released a report relating to the New Zealand Security Intelligence Service’s (NZSIS) unlawful acquisition by NZSIS of Customs data from 1997 until 2016.
The NZSIS had direct access to a dedicated Customs computer terminal, referred to as CusMod, which contained information on passenger movements in and out of New Zealand, including information relating to many New Zealanders.
The NZSIS could access this dataset to find out when people identified as being of security concern travelled into or out of New Zealand.
Ms Gwyn says, “I have found that at the time there was no lawful basis under the Customs legislation, the New Zealand Security Intelligence Service Act, or any other legislation, for NZSIS to access the CusMod data. Nor do I accept that this was legitimate ‘ask and answer,’ as the Service asserted.”
‘Ask and answer’ is shorthand for the lawful process by which any person or agency can ask any other person or agency for information. It is up to the requested body to decide whether to disclose the information.
“In the legislation in force at the time, which contained detailed information access provisions for various government agencies, there was no scope for ‘ask and answer’ to operate alongside that regime. In any event, NZSIS did not make case-specific requests for information.
There is no proper analogy between the legal power to ask another party to disclose records about a particular matter on a case-by-case basis, and the extensive powers of bulk access that the NZSIS purported to use.”
The Inspector-General’s report also addresses the NZSIS’s past access to Advance Passenger Processing information (APP), held by Immigration New Zealand. APP is basic information about the passenger and the flight, which is primarily gathered at the overseas boarding port. It enables an off-shore component to border security.
Ms Gwyn says, “While access to APP was not determined to be unlawful, I am concerned about how the NZSIS might use stored APP data.”
Ms Gwyn made two recommendations in relation to CusMod data, which, if accepted, require the NZSIS to work with her on identifying the scope of the unlawful access and the appropriate remedial steps.
“My preference in respect of illegally obtained data that has been retained or shared is that the Service identifies it, and deletes the material it can.
In relation to APP, the NZSIS should satisfy me that there is a clear basis to retain any APP data obtained prior to the Intelligence and Security Act coming into force this year. Unless that happens, the data should not be used in any way.”
The relevant part of the new Intelligence and Security Act 2017 came into force on 1 April this year, and provides its own legal regime for obtaining both CusMod and APP information.
The Inspector-General is responsible for overseeing the activities of New Zealand’s two security and intelligence agencies, the New Zealand Security Intelligence Service and the Government Communications Security Bureau.
The full report is available here http://www.igis.govt.nz/publications/investigation-reports/
ends