A foreign agency ran a spy operation out of New Zealand's Government Communications Security Bureau for years without ministers knowing.
The Inspector General of Intelligence and Security has revealed this in an investigation out on Thursday.
It has found the GCSB knew when it agreed to host the signals intelligence system it could be used to support "military operations by foreign partners".
"The capability clearly had the potential to be used, in conjunction with other intelligence sources, to support military action against targets," the report by IGIS Brendan Horsley said.
The system operated from 2013 until 2020, when it was stopped by an equipment failure.
But government ministers were not told despite the agency knowing how sensitive it was.
The current GCSB senior leadership and legal team "apparently knew nothing of the system".
"It was 'rediscovered' at a senior level following concerns being raised in 2020 about another partner system hosted by GCSB.".
The system was of no benefit to the GCSB, which did not know what the outcome of the spying was, the inquiry said.
It faulted the GCSB for agreeing in 2010 to host the system:
- Without any due diligence
- Without full visibility
- With inadequate record-keeping
- Without adequate training, support or guidance staff
- With negligible awareness of the system at a senior level within the GCSB
"I note that the risk of GCSB support for the capability contributing to military action was moderated significantly by the geographical limits of GCSB collection," Horsley said.
"However, I find that the way in which the capability was operated meant that the Bureau could not be sure the tasking of the capability was always in accordance with Government intelligence requirements, New Zealand law and the provisions of the MOU."
"I was concerned that the Bureau had apparently decided to host in New Zealand a signals intelligence system controlled by a foreign partner agency without seeking ministerial approval and without subsequently informing its minister of the system's existence or purpose," the inspector general said.
The report added: "It seems clear the decision to sign the MOU [memorandum of understanding ] and host the capability was not put to the Minister responsible for the GCSB, or any other Minister.
"This inquiry found no record of any Ministerial briefing or decision, nor any reference to any having occurred. It found no record of the Minister having been informed of the matter at all."
But strictly speaking, it acted within the rules.
"Though the authorisation process for intelligence sharing at the time seems manifestly inadequate, a Ministerial authorisation in place in 2012 for the GCSB to share intelligence and cooperate with the foreign partner was broad enough to cover the capability and so the decision to host the system without further Ministerial approval was lawful," he found.
"It was improper, however, for the GCSB to decide on hosting the capability without bringing it to the Minister's attention. By doing so it failed to respect and enable Ministerial control of the agency."
The head of the bureau, Simon Murdoch, in 2011 had questions as he worked on the MOU, noting in an email that the legal team would need to be closely involved and that it would potentially require the awareness or consent of the minister, as well as consultation with the IGIS.
"This inquiry found no record that the legal analysis, consultation and engagement with the Minister or IGIS contemplated ... occurred."
Murdoch was replaced by Ian Fletcher in February 2012, and the inquiry found no evidence Fletcher was told about the capability, and Fletcher could not recall having been briefed on it.
Could it happen again?
The transition between GCSB directors remained "a vulnerable point", Horsley said - but, overall, it was much less likely to be repeated.
"The Bureau, its operations, its governing statute, its policies and compliance systems have changed significantly over the period in which the capability operated, and since.
"I also consider it less likely that the Bureau, after having entered an agreement with a partner agency, would implement it as poorly as it implemented" the (MOU) for the spy system.
The bureau's administration and record keeping were much better. Since 2021, both it and the SIS have had to keep a centralised register of foreign cooperation agreements, as the IGIS previously recommended.
"All arrangements must be approved and signed by the Director-General or delegate, or the Minister where the arrangement involves new policy."
Horsley has recommended the bureau compile a register of collection or analysis capabilities in New Zealand that are operated by foreign partners, and audit its systems.
Any international agreements needed regular review, and his office wanted to see them.
The worries about how the system would be used, exercised top people at the bureau in 2010-2012.
In fact, an offer to remove the capability for military targeting "was not taken up, but it is not clear whether it was given serious consideration", Horsley found.
The bureau signed up while understanding the system's "capability as directly associated with military applications".
"Ultimately the staff member who had raised concerns about possible use for military purposes advised others that the draft MOU addressed those concerns."
But there was no record how the "potential use for military purposes were mitigated", or sign of any substantive analysis.
The system was operated remotely within GCSB by its foreign partner, with the bureau giving it signals it had intercepted.
The MOU stated it would not be used to target a New Zealand citizen or permanent resident; no communications would be collected from local telecom networks without a warrant; and only metadata - a high-level view of online activity - would be collected.
The report said the patchy records that existed showed 29 tasks run between 2014 and 2020 - but no sign that the bureau asked about the purpose of any of them, though the MOU gave it the right to "know how the capability was operating at any time", to "check all collection requests for compliance" and to reject a task.
The whole arrangement was a "significant development" in the intelligence-sharing arrangements and "it was improper for the Bureau to host the capability without putting the matter before the minister".