The Intelligence and Security Act 2017(external link) (ISA) sets out the functions and powers of the IGIS and New Zealand’s two intelligence and security agencies, the New Zealand Security Intelligence Service (NZSIS) and the Government Communications Security Bureau (GCSB). The Act also sets out the process for appointment of the Inspector-General and Deputy Inspector-General, establishment of the office of the IGIS and the Inspector-General’s advisory panel.
The enactment of the ISA followed an independent review of intelligence and security by Hon Sir Michael Cullen and Dame Patsy Reddy in 2015-16. A provision of the Act requires it and the agencies to be reviewed every five to seven years.
IGIS functions and powers
The ISA continues the office of the IGIS, which was previously established by the Inspector-General of Intelligence and Security Act 1996. The ISA gives the IGIS functions, duties and powers to ensure the intelligence and security agencies act lawfully and with propriety; to ensure complaints about them are independently investigated; and to advise the Government and the Intelligence and Security Committee of Parliament on oversight of the agencies (s 156).
The functions of the IGIS are (in summary) to conduct inquiries into the agencies’ compliance with the law, to investigate complaints, to review and conduct unscheduled audits of the agencies’ compliance procedures and systems, and to review warrants and other authorisations issued to the agencies (s 158).
The IGIS must prepare and publish an annual work programme (s 159) and an annual report (s 222). The IGIS must consult the Minister responsible for the agencies on a draft work programme and have regard to any comments received (s 159).
For any inquiry the IGIS must prepare a written report of conclusions and recommendations and send it to the Minister responsible for the relevant agency and the agency Director-General (s 185). The IGIS must also publish a version of the report that does not disclose any information prejudicial to security (s 188).
To conduct an inquiry, including into a complaint, the IGIS must notify the relevant agency (s 175). An inquiry must be conducted in private and meet rules of fairness for the complainant and agency (s 176). The IGIS can summon and examine witnesses on oath (s 178), require any person to provide relevant information and documents (s 179) and enter (with notice) any premises of an intelligence and security agency (s 184). The IGIS has a right of access to all security records held by the agencies that are relevant to the IGIS’ functions (s 217).
The IGIS’ recommendations are not binding, but the Minister must provide a response to a report (s 187). If the IGIS finds an irregularity in an authorisation issued to an agency, that does not invalidate it but the IGIS may report the matter to the Minister and Chief Commissioner of Intelligence Warrants (s 163). The IGIS’ proceedings, reports and findings are not subject to any form of appeal or review by the Courts except on grounds of lack of jurisdiction (s 190).
The IGIS’ functions and powers are predominantly retrospective. However the Minister for the agencies is obliged to consult the IGIS (among others) before issuing any Ministerial Policy Statement under the ISA (s 211) and before entering or renewing any Direct Access Agreement (giving an intelligence and security agency access to the database of another government agency) (ss 128 and 132).
The New Zealand Security Intelligence Service and the Government Communications Security Bureau
The ISA sets out the functions of the NZSIS and the GCSB (ss 10-15). Their intelligence function (s 10) is to collect and analyse intelligence in accordance with Government priorities and provide it to the Minister responsible for the agencies, the Chief Executive of the Department of Prime Minister and Cabinet, and anyone else authorised by the Minister to receive that intelligence.
The agencies also have a protective security function (s 11), which involves providing services, advice and assistance to public authorities in New Zealand or overseas on matters of personnel, information or physical security. This includes providing advice to other agencies on national security risks, eg relating to visa applications and border security.
The GCSB has a further role (s 12) in providing information assurance and cybersecurity activities to government and private entities, as authorised by the Minister - NCSC webpage(external link).
The agencies have no function to enforce measures for national security, except in cooperation with other public authorities (s 16). The GCSB also has an exception in relation to its information assurance and cyber security activities. The IGIS has examined the effect of this limitation when the NZSIS issues a warning to an individual.
The NZSIS and GCSB may not take any action in respect of a person or class of persons solely because they are exercising their right to freedom of expression, including advocacy, protest, or dissent (s 19). This means they must have some additional reason to act, such as a risk or threat of violence.
Intelligence warrants
The NZSIS or GCSB may seek warrants to carry out activities that would otherwise be unlawful (Part 4). These include covert surveillance, intercepting communications, search and seizure, ‘human intelligence’ activity (the use of people as agents and sources) and requests to foreign governments or other entities to do things a New Zealand agency could not do lawfully (s 67).
“Type 1” intelligence warrants relate to New Zealanders and “Type 2” relate to non-New Zealanders (ss 52-54). A Type 1 warrant must be issued by both the Minister responsible for the relevant agency and a Commissioner of Intelligence Warrants (ss 57 and 58). A Type 2 warrant is issued by the Minister alone (s 60).
To issue a warrant for a national security purpose, the Minister (and where relevant the Commissioner) must be satisfied the proposed activities are necessary and proportionate to the purpose for which the activities are to be carried out (s 58). Other mandatory considerations include whether the purpose of the warrant could reasonably be achieved by a less intrusive means and whether the agency has made arrangements to ensure impacts on the public are minimised (s 61).
The IGIS reviews all warrants after they are issued.
Other permissions for the agencies
The ISA provides other mechanisms for the agencies to carry out their functions and collect information:
-
the ability to use false or misleading assumed and corporate identities (Part 3)
-
the ability to enter agreements (subject to Ministerial approval) for direct access to the databases of certain New Zealand Government agencies (the Police, Customs, Department of Internal Affairs, Immigration New Zealand) (ss 124-133)
-
the ability to get permission to access “restricted information” (tax information, tertiary student enrolment numbers, adoption information, driver licence photographs) (ss 134-142)
-
the ability to obtain business records from telecommunications network operators and financial service providers (ss 145-155).
The agencies may also simply ask for information from a wide range of sources (ss 121-122).
Ministerial policy statements
The ISA provides for the Minister to issue Ministerial Policy Statements that provide guidance to the agencies for particular areas of their activities (ss 206-215). An MPS is not law, or secondary legislation, but the agencies must have regard to any relevant MPS when making any decision or taking any action (s 209). The IGIS must take into account any relevant MPS when conducting an inquiry or review (s 158) - click to view MPS(external link)
The Intelligence and Security Committee
The Act continues the Intelligence and Security Committee, originally established in 1996, to provide Parliamentary oversight of the agencies (ss 192-193). The committee may ask the IGIS to inquire into the lawfulness or propriety of agency activities. The IGIS annual report is tabled in Parliament by the Prime Minister each year and the IGIS appears before the Committee to discuss it. The Committee also examines the agencies on their annual reports.