Cortex, 'Operation Speargun' and Surveillance in NZ

This week saw the introduction of another surveillance term to the world: 'Operation Speargun'.

It is another of a growing list of surveillance programmes and tools that have come to light over the last year: Prism, Boundless Informant, XkeyScore, Tempora, Shelltrumpet, Honeytrap, Egoistic Giraffe, Evil Olive, Blarney, Stormview, Thin Thread, Muscular, Moonlightpath, Spinnernet, Trial Blazer, Treasure Map...to name a few. Most of the names are as bad as the Five-Eye powerpoint slides revealed by Edward Snowden since leaving his job as a sub-contractor with the NSA.

Glenn Greenwald, the former lawyer turned journalist who has been helping Snowden, came to NZ to release the documents. Within hours of Greenwald's arrival Prime Minister John Key was on the attack, describing Greenwald as 'a loser' and 'Dotcom's little henchman'. Key also played the jingoist nationalist card and several times pointed out that Greenwald was a foreigner and not with New Zealand's interests at heart. He even went so far to say, “We are a good country doing good things. This guy turns up ... he's not a passionate New Zealander.”

John Key has also once agan been repeatedly reassuring us that the GCSB is not involved in mass surveillance in NZ. He is keen for us to believe that the GCSB, in fact all the Five-Eye members, always act legally and never spy on their own citizens – they only spy on 'threats'.

Yet one only has to look at the swathe of material revealed by Snowden to know that the Five-Eyes are a force unto themselves. The five original key agencies that make up the Five-Eyes: the United States NSA, the British GCHQ, the Canadian CSEC, the Australian DSD and the NZ GCSB, have been and are involved in mass surveillance and data collection of people worldwide, including in their own countries.

They are not government run organisations that only focus on 'signals intelligence'. The Five-Eyes are intelligence agencies involved in mass data collection and surveillance. They are also agencies involved in pro-active spying, entrapment schemes and smear tactics.

'The Moment of Truth' – Operation Speargun

On Monday 15^th September Greenwald and Snowden revealed Operation Speargun – a Five-Eye programme to be operated in NZ. A surveillance programme that the GCSB was working on, and had laid the foundations for, prior to the changes to the GCSB Act going through last year.

Operation Speargun was a programme to hack into the Southern Cross cable and install covert cable access equipment capable of monitoring all communications to and from NZ. The programme was ready to go, the first phase had occurred. According to NSA documents, it was only waiting for the new GCSB Act for it to be activated. (For some reason the government had decided to follow the law. Possibly the scandal over the illegal surveillance of the 80 plus New Zealanders that came to light in the Kitteridge Report meant the government wanted to play safe.)

But before Greenwald even got to speak about Speargun at the Monday meeting – John Key did his own exposing and revealed Project Cortex. On one hand, Key appeared to be bravely declassifying and releasing previously 'top secret' documents to show that his government is not involved in mass surveillance. On the other hand however, Key's leaks seem to be little more than a side-show to distract the media and public from the spectre of mass surveillance.

Project Cortex and Operation Speargun are different programmes.

Project Cortex is the government's initiative to protect NZ infrastructure from cyber attacks – just like a giant 'Norton Anti-virus'. In hindsight, in August 2013 when John Key described the GCSB as just “providing protection like Norton Antivirus”, he had probably been doing some work on the Cortex project.

The documents released by Key show Project Cortex involves the NZ National Cyber Security Centre (which is hosted by the GCSB), the GCSB, various government agencies and a number of key businesses (probably Telcos and ISPs).

The Cortex documents could fool people into believing that John Key is right – the programme is just like a giant Norton Anti-Virus. But it is not.

The aim of Project Cortex is to defeat cyber attacks that cannot be detected by commercially available systems. This means Cortex does not simply monitor what goes in and out of the 'participating organisations' but collects meta-data to predict cyber attacks. In order to do this, large amounts of data first have to be collected in order to analyse it for patterns that allow these predictions. This is where Cortex can be linked to Speargun.

The Cortex business case also states that the GCSB will not undertake any software development itself, or contract it out. Instead Project Cortex will use existing programs and technologies. Yet one cannot read what these technologies are as the sentences following are redacted. It is possible that these redacted sentences contain references to the technologies already developed for use in Operation Speargun.

John Key said when releasing the Project Cortex documents, that it helps prove his case some surveillance options were rejected as going too far. In the documents there are mention of two options but little to support his statement. Nor to the documents mention any widespread surveillance option that was prevented.

Key has not offered any evidence of his purported stopping of a surveillance programme.

'We would know about surveillance' – really?

Others have also denied that a programme like Operation Speargun could happen here.

The CEO of Southern Cross put out a press release stating that it was impossible for spy agencies to tap into the cable without his company noticing. The NZ Inspector-General of Intelligence and Security Cheryl Gwyn also said she had "not identified any indiscriminate interception of New Zealanders' data in my work to date."

This raises the question – do these people think that NZ cannot be out-witted or fooled by the NSA and any of the other four agencies in the Five-Eyes? Brazil was out-witted, Indonesia was, Germany was – US citizens and British citizens were, so why would we not be?

Just this week, Spiegel Online published a report about a Five-Eyes spying programme used on German Telcos. The reaction of some of those companies was absolute shock at the level of spying that had taken place. 'Fuck!' was the reaction of one CEO.

Angela Merkel never knew she was been spied on. Nor did the president of Indonesia and his wife. But Key thinks it will be different for NZers. He is certain none of the other Five-Eye agencies are spying on NZers, because “If Barack Obama wanted to know something about New Zealand I suspect he'd just give me a ring.”

'Spied on and surveilled?' - Yes

The media and public can get bogged down in the technical terms and the red-herrings thrown up by politicians – but all one has to do is step back and look at the whole of the evidence that has come to light about surveillance over the last few years.

We need to not only look at what Snowden has revealed since he quit the NSA, but also recall what has happened since the raid on Dotcom in early 2012.

The Kitteridge Report alleged that 88 people were illegally spied upon by the GCSB. The Inspector-General of Intelligence and Security said the spying was “arguably legal”and the GCSB Act was changed accordingly.

Meanwhile the Telecommunication Interceptions Capability and Security Act (TICS) was passed. The TICS Act requires the Telcos to cooperate with the GCSB, something the Telcos rejected and numerous submissions were made against the Bill.

Many see the TICS Act as establishing the basis for mass surveillance in this country, it is legislation giving the GCSB power to surveil all NZ digital traffic.

Project Cortex specifically states “there will be no 'mass surveillance', and data will be accessed by GCSB only with the consent of owners of relevant networks or systems.” In tautological reasoning, this is consent that is required by law under the TICS Act.

And more lately a declassified summary of the NZ State Services Commission's report on the NZ Intelligence Community was released. The report said that the NZIC do not have clear priorities, do not work together well and have a naïve faith in wanting to copy the structure of the NSA. The NZ Intelligence Community rely too much on the Five Eyes network.

NZ is part of the Five-Eyes network. The Five-Eyes do undertake mass surveillance. We are part of it.

Is Key still waiting for that phone call from Obama?