A review of the Security Intelligence Service (SIS) was not fully independent and, because it was voluntary, controversial information could have been withheld, the Islamic Women's Council (IWCNZ) says.
The report by an expert from a Five Eyes partner found the SIS was "broadly effective" at prioritising threats prior to the Christchurch mosque terror attack.
The Islamic Women's Council argued that any SIS failures would reflect badly on its overseas partners - so the report was not truly independent.
The council also questioned why SIS employees had a choice whether to take part in the review.
"Anyone who had controversial information could have withheld it," a statement from the council said.
"The reviewer conducted a database search but the report states that they can't guarantee they got everything. Intelligence officers are officers of this nation - why did they get to choose to participate in this investigation?"
The reviewer talked to about 50 of the 420 SIS staff.
The IWCNZ asked why an "extensive array" of factors that could have identified the Christchurch terrorist, discovered after the attacks as shown in the review, were not found in the run-up.
The SIS and the Government Communications Security Bureau (GCSB) were presenting their annual reviews at a parliamentary select committee on Wednesday.
The review recommended the SIS gauge the government's appetite for more intensive data gathering.
Minister responsible for the spy agencies Andrew Little has not ruled that out, though both he and the SIS review noted public reticence about it.
"Generally speaking, New Zealanders are nervous about our security agencies having unfettered access to a whole heap of data," Little said. This was "justifiable", and people wanted to know what controls were around it.
The minister said he had not received any proposal to extend the spy agencies' powers.
The 2019 Arotake report said the SIS needed more "direct access" to data. Even where intelligence law changes in 2017 opened the way for it to access two police databases, that had not happened.
"The review recommends that direct access negotiations in respect of the outstanding datasets (both held by NZ Police) are moved forward as a priority," it said.
SIS Director-General Rebecca Kitteridge said after her appearance at a parliamentary select committee today that it had turned out not to be worth trying to access the police's National Intelligence database, which they were only legally allowed to look at anyway if there was a safety threat to SIS staff.
"It was just a very big effort for something we would only use periodically" so they found a work-around, she said, adding that other changes required by the 2017 legislation took priority.
It also urged the agency to seek a law change to loosen up what datasets it had access to.
The Royal Commission of Inquiry into the mosque attack noted in its report the public might not accept data aggregation and analysis on a large scale.
"The key feature of bulk data collection is that a large proportion of the data gathered relates to people who are not intelligence targets and is of no intelligence value."
The key was filtering that out.
"More limited and less controversial changes associated with data reporting may be an easier place to start," the commission said.
However, it added that "bulk data can play an important part in identifying, understanding and averting threats".
"Where alternative methods exist, they are often less effective, more dangerous, more resource-intensive, more intrusive or slower."
The Federation of Islamic Associations has welcomed the SIS review as a step towards transparency, and critcised what it called inconsistencies in it.
An SIS spokesperson said it was natural there would be inconsistencies in the findings between the internal Arotake review, and the Royal Commission's final report which "superseded" it.
"These are different reports with different scopes, but both reports reached a similar conclusion; that there was no intelligence failure that contributed to the individual's attack planning not being detected," the spokesperson said in a statement.