This page provides background information on the Intelligence and Security Act 2017 (the Act) and the government’s two intelligence and security agencies – the New Zealand Security Intelligence Service (NZSIS) and the Government Communications Security Bureau (GCSB). This includes:
This information provides a snapshot of what the intelligence and security agencies do and what controls are in place to ensure they are operating in a lawful manner. Further information on the intelligence and security agencies, their oversight bodies and the intelligence function of DPMC can be found using the links below:
The Act was passed in 2017 to modernise and bring together legislation governing the operation of New Zealand’s security and intelligence agencies and their oversight bodies. It was based largely on the recommendations of the independent review by Sir Michael Cullen and Dame Patsy Reddy in 2016, known as the Cullen-Reddy review. The Cullen-Reddy review set out the basis for comprehensive reform and was the first statutory review of New Zealand’s security and intelligence agencies. You can read the full Cullen-Reddy review report here(external link).
The Act puts in place a single legislative regime for the NZSIS and GCSB, providing a single purpose and shared objectives and functions. The Act allows the agencies to act as necessary to protect New Zealand and New Zealand’s interests, with limitations and oversight applying across all of the agencies’ activities.
Section 3 of the Act sets out its purpose which is to protect New Zealand as a free, open and democratic society by:
The principal objectives of the agencies are set out at section 9 and are to contribute to the:
The Act outlines the agencies’ objectives, functions, powers and duties. The inherently secret nature of some of the agencies' work, along with their intrusive powers, means it is essential that there is robust and independent oversight. This oversight is to ensure the agencies act with propriety and operate lawfully and effectively.
Part 2 of the Act sets out the legislative functions of the intelligence and security agencies. The functions include:
Section 16 of the Act explicitly sets out that the intelligence and security agencies’ functions do not include law enforcement, except in limited circumstances.
Section 17 of the Act sets out the general duties of the intelligence and security agencies when performing their functions. These repeat the provisions set out in section 3 about acting in accordance with New Zealand law and all human rights obligations recognised by New Zealand law, with integrity and professionalism, and in a manner that facilitates effective democratic oversight. It also requires the agencies to act independently and impartially in the performance of operational functions.
Section 18 of the Act further specifies duties for a Director-General of an intelligence and security agency, which include political neutrality, keeping free from any influence or consideration that is not relevant to the performance of the agency’s functions, and ensuring that any cooperation internationally is in accordance with New Zealand law and all human rights obligations recognised by New Zealand law.
Section 19 says that any person exercising their right to freedom of expression does not of itself justify an intelligence and security agency to take any action in respect of that person.
Section 20 says that the Directors-General must regularly consult the Leader of the Opposition for the purpose of keeping the Leader informed about matters related to the agencies’ functions.
Outside of the intelligence and security agencies, the Act also sets out specific intelligence functions for the Chief Executive of the Department of the Prime Minister and Cabinet (DPMC). Section 233 of the Act states that the Chief Executive of DPMC is responsible for:
However, the Act explicitly states that the Chief Executive of DPMC must not carry out the two functions regarding intelligence assessments personally, but must designate an employee of the DPMC to carry out those functions. This employee must act independently.
The intelligence and security agencies are able to carry out lawful activity to collect information in accordance with their functions without needing to seek authorisation to do so. This could include, for example, collecting publicily available information on the internet in the same way that anyone else can.
Part 7 of the Act sets out that the responsible Minister must provide guidance in relation to certain lawful activity carried out by the agencies, including obtaining and using publicly available information and the provision of information assurance and cybersecurity activities with consent.
The agencies do need authorisation, however, if they want to do things that would otherwise be unlawful. Information handling requirements seek to ensure that information is lawfully retained and is not held for longer than necessary.
Parts 3, 4 and 5 of the Act set out the empowering provisions of the intelligence and security agencies. Part 3 enables employees of an agency to acquire and use an assumed identity. Part 4 sets out the authorisations framework. An authorisation is required to carry out otherwise unlawful activity. Part 5 sets out the provisions for accessing information held by other agencies.
The NZSIS and GCSB can:
The NZSIS and GCSB are subject to legislative requirements for the handling of information, such as the Privacy Act 2020, the Official Information Act 1982 and the Public Records Act 2005.
The Intelligence and Security Act also imposes specific information management requirements (use, retention and destruction) to certain information collected under the Act, some of which will depend on how the information is obtained (eg, under an intelligence warrant or via a business records direction). Part 4 of the Act sets out that agencies must destroy certain classes of information after collection, including:
Like other government bodies, the intelligence and security agencies are subject to oversight by independent authorities such as the Auditor-General, Privacy Commissioner, Ombudsman and the judiciary. However, the agencies are also subject to other oversight authorities that are specified in the Act.
Part 6 of the Act contains oversight mechanisms, including the roles of the Inspector-General of Intelligence and Security, the Intelligence and Security Committee. Part 7 of the Act set out annual reporting requirements.
Inspector-General of Intelligence and Security
The Inspector-General of Intelligence and Security is appointed by the Governor-General on the recommendation of the House of Representatives and has its functions set out under the Act. The functions of the Inspector-General are set out at section 158 of the Act. The Inspector-General:
Before each financial year, the Inspector-General prepares an annual work programme and consult the Minister(s) responsible for the NZSIS and GCSB on it. Once the annual work programme is finalised the Inspector-General must give a copy to the responsible Minister(s) and may publish the work programme on its public website.
The Act provides for the office of a Deputy Inspector-General of Intelligence and Security that has all the functions, duties and powers of the Inspector-General. The Act also provides for the existence of an advisory panel that provides advice to the Inspector-General and the Prime Minister. The panel has two members that provide advice on the Inspector-General’s request or on its own initiative, and may also report any matter related to intelligence and security directly to the Prime Minister if it so chooses.
Intelligence and Security Committee
The Act provides for the Intelligence and Security Committee, a specialist Committee made up of members of Parliament. The Prime Minister is the Chair of the Committee, which must also include the Leader of the Opposition and be comprised of 5 to 7 members of the House of Representatives. Some members of the Committee are selected by the Prime Minister (after consultation with the leader of each party in government) and some are selected by the Leader of the Opposition (with the agreement of the Prime Minister and after consultation with the leader of each party that is not in government or in coalition with a Government party).
The functions of the Intelligence and Security Committee are set out in section 193 of the Act. The Committee examines the policy, administration and expenditure of each intelligence and security agency, among other things. It may also request the Inspector-General of Intelligence and Security to conduct an inquiry. Similar to the role parliamentary select committees have in overseeing government departments, the Intelligence and Security Committee receives an annual report for each intelligence and security agency, and conducts an annual review of that agency. The Committee also considers and discusses the annual report of the Inspector-General. The Act explicitly excludes the Committee from inquiring into matters within the jurisdiction of the Inspector-General of Intelligence and Security, operationally sensitive matters, and certain complaints by individuals.
The Act contains procedural provisions relating to the Committee. The Committee may request that a Director-General of an intelligence and security agency to appear; and if so requested, the Director-General must appear. The Committee may also request any other person to appear before it to provide evidence or produce any relevant document. The Intelligence and Security Committee’s proceedings are subject to Parliamentary privilege. There are also provisions relating to the handling of sensitive information, the secrecy of information disclosed to the Committee and the Committee’s records.
Part 7 of the Act prescribes the content and process for the intelligence and security agencies to deliver annual reports to the Minister responsible for the intelligence and security agencies. After receiving it, the Minister must provide a copy of the report to the Intelligence and Security Committee as soon as practicable, and present it to the House of Representatives within 30 working days. Annual reports must be publicly available and include the following information: