Saturday, September 20, 2014

Whose Speargun is it?

In a hard to find post in the technology section of the stuff website, it was reported that the GCSB had confirmed on Friday the existence of ‘Project Speargun’, as Glenn Greenwald had claimed on Monday.

The site quotes an unnamed “GCSB spokesman” saying that Speargun was “a core component of the cyber defence project in its earlier iterations”, i.e. that it was the discarded ‘Option 2’ mentioned in the papers released by John Key few days earlier.

This is supposed to confirm what John Key said - that it was an option that never went past a business case, and that he stopped it because it was too intrusive.

What it does confirm is the veracity of Greenwald’s documents. But it doesn’t let Key or the GCSB off the hook, really.

According to the hastily declassified papers, the Cabinet Committee on State Sector Reform and Expenditure Control in April 2012 “directed the GCSB to develop a Detailed Business Case for implementation of Option 2 [Speargun] in 2013”, noting that “the implementation of Option 2 is preferred.” The committee includes of course John Key, therefore it was also his preferred option in 2012.

The NSA document from early 2013 states:
GCSB's cable access programme SPEARGUN phase 1; awaiting new GCSB Act expected July 2013; first meta data probe mid 2013.
This definitely sounds more like a project plan than the development of a business case.

Then in September 2013, cabinet “rescinded the decision [...] on the development of a detailed business case for Option 2”. Note the wording – it does not say that cabinet looked at the business case and decided not to proceed with it, as John Key claims, but that cabinet no longer required the development of the business case. Without the project being detailed, how did Key come to the conclusion that his previously preferred option was suddenly too intrusive?

One would have thought that a year and a half after being asked to develop a business case for a project that was “a core component of the cyber defence project” (according to the anonymous GCSB spokesperson), the GCSB would have done so. It sounds unlikely that the GCSB would not have made it a high priority to get on with it. Are we supposed to believe that the GCSB doesn’t really care about cyber security?

So we have the NSA document pointing to project ‘Speargun’ being well under way, with a first test having been planned for mid 2013, and a (previously top secret) cabinet paper from several months later, telling the GCSB not to bother with writing the business case for it. Could it be that this was because by that time the project had been taken over by the NSA?

What speaks for this theory is that the first paper from 2012 mentions that ‘Option 2’ “requires significant scoping and consultation in order to identify the full range of risks and dependencies for the government”, i.e. it was quite complex and possibly beyond the capabilities of the GCSB.

Friday, September 19, 2014

Cortex, 'Operation Speargun' and Surveillance in NZ


This week saw the introduction of another surveillance term to the world: 'Operation Speargun'.


It is another of a growing list of surveillance programmes and tools that have come to light over the last year: Prism, Boundless Informant, XkeyScore, Tempora, Shelltrumpet, Honeytrap, Egoistic Giraffe, Evil Olive, Blarney, Stormview, Thin Thread, Muscular, Moonlightpath, Spinnernet, Trial Blazer, Treasure Map...to name a few. Most of the names are as bad as the Five-Eye powerpoint slides revealed by Edward Snowden since leaving his job as a sub-contractor with the NSA.

Glenn Greenwald, the former lawyer turned journalist who has been helping Snowden, came to NZ to release the documents. Within hours of Greenwald's arrival Prime Minister John Key was on the attack, describing Greenwald as 'a loser' and 'Dotcom's little henchman'. Key also played the jingoist nationalist card and several times pointed out that Greenwald was a foreigner and not with New Zealand's interests at heart. He even went so far to say, “We are a good country doing good things. This guy turns up ... he's not a passionate New Zealander.”

John Key has also once agan been repeatedly reassuring us that the GCSB is not involved in mass surveillance in NZ. He is keen for us to believe that the GCSB, in fact all the Five-Eye members, always act legally and never spy on their own citizens – they only spy on 'threats'.

Yet one only has to look at the swathe of material revealed by Snowden to know that the Five-Eyes are a force unto themselves. The five original key agencies that make up the Five-Eyes: the United States NSA, the British GCHQ, the Canadian CSEC, the Australian DSD and the NZ GCSB, have been and are involved in mass surveillance and data collection of people worldwide, including in their own countries.

They are not government run organisations that only focus on 'signals intelligence'. The Five-Eyes are intelligence agencies involved in mass data collection and surveillance. They are also agencies involved in pro-active spying, entrapment schemes and smear tactics.

'The Moment of Truth' – Operation Speargun
On Monday 15th September Greenwald and Snowden revealed Operation Speargun – a Five-Eye programme to be operated in NZ. A surveillance programme that the GCSB was working on, and had laid the foundations for, prior to the changes to the GCSB Act going through last year.

Operation Speargun was a programme to hack into the Southern Cross cable and install covert cable access equipment capable of monitoring all communications to and from NZ. The programme was ready to go, the first phase had occurred. According to NSA documents, it was only waiting for the new GCSB Act for it to be activated. (For some reason the government had decided to follow the law. Possibly the scandal over the illegal surveillance of the 80 plus New Zealanders that came to light in the Kitteridge Report meant the government wanted to play safe.)

Sunday, September 14, 2014

Sept 2014 Report on Communications Surveillance in New Zealand.

The Global Information Society Watch (GISWatch) has recently published a report on communications surveillance in New Zealand.

The report concludes that as a result of the GCSB and TICS laws introduced in 2013, surveillance of communications in this country has increased. The "new laws provide much stronger, direct state-sanctioned surveillance (including the use of metadata) by the GCSB, which it can use in domestic law enforcement."

The report is a concise report of the state of communications surveillance and the changes that have occurred since the raid on Dotcom's home in early 2012. The report summarises the GCSB spying that came to light as a result of that raid, the publication of the Kitteridge Report and the resulting acknowledgement by the Prime Minister that the GCSB had been spying on NZ citizens.