4567371 Release document Attachment A MPS Feedback.PDF.pdf

1982
Act
Information
Official
the
under
Released

Inspector-General of Intelligence Security feedback to DPMC on the second consultation draft of the MPS on Foreign Cooperation – 17 November 2020
1982
Thank you for the opportunity for IGIS to provide further comments on the draft MPS on Foreign Cooperation (and to do so several days later than
expected). Thanks also for the feedback table, which was helpful in tracking the developments and in particular in understanding DPMC’s reasoning. We
Act
consider this redraft of the MPS to be a significant advancement on earlier versions (and on the 2017 version of this MPS), and appreciate the work it must
have taken to reshape it in this way. The structure and sequence is more logical, with a clear focus for the guidance being provided.
The introductory Landing webpage/Coversheet provides a useful framework for all the MPSs.  In particular, by way of example, we noted and appreciated
the updated headings and the additions/changes made at paragraphs (using the para numbers of this latest version) 2 and 3; the shift forward for the paras
on Ministerial authorisations; 18; footnote 2; 25; 28; 31; 31.1; 31.2; 31.4; 38; 40 and 41.
Our further comments predominantly relate to: one aspect of the Risk Assessment Framework; the use of intelligence obtained by breaches of human
rights and the role of imminence in exceptional circumstances; the descriptor for the human rights policy, and an example for international arrangements.
We have suggested amendments to the paragraphs listed below along with our reasons. For clarity, we have made our proposals as tracked changes in the
Information
attached version of the MPS.
•  Para 17: The feedback table noted DPMC had agreed to change the last sentence of this para (previously para 26) but it seems it may have been
overlooked. The change was to reflect actual agency practice, ie, that the standing Ministerial authorisations are composites – covering a broad
range of countries.

•  Para 29: We appreciate the inclusion of “good decision-making” in this para, but propose it be accompanied by “best practice conduct”, given these
Official
phrases address different but equally desirable and proper agency action.

•  Para 31.3: We are concerned that a recent edit to the last sentence of this third limb of the Risk Assessment Framework, changes the nature of the
the
assessment being contemplated, in relation to the potential effectiveness of mitigation. The change is essentially from an assessment of the risk of
breaching any human rights, to an assessment of whether the Service thinks the risk of breach of a human right is a serious breach or not. We
provide here some further explanation of our concern.

In the last consultation round IGIS proposed the last sentence in the third limb of the Risk Assessment Framework be expressed as “Risks of human
under
rights breaches, assessed to be low or negligible risks in the context of this cooperation, are more likely to be amenable to mitigation.” A low level
risk might be, for example, a recipient agency for the NZ cooperation that has no record of abusing human rights of individuals, or the cooperation
does not provide any information relating to an individual which could be used to locate the individual and so provides no opportunity to breach
19

Released

their rights. However the last sentence in this new version of the MPS now refers to risks of human rights breaches “that involve a less egregious
1982
human rights breach…”. As noted above, these two sentences/phrases reference different schemes of analysis.

Our proposed sentence is identifying where mitigation strategies are most likely to succeed because (using limbs one and two of the Risk
Act
Assessment Framework) there is an assessed low level of risk that any human right will be breached in connection with the foreign cooperation.
This accords with the legal obligation on the intelligence agencies to carry out their functions in accordance with “NZ law and all human rights
obligations recognised by NZ law”. The newly included phrase – of a less egregious breach of human rights - is referencing a risk of breaching a
human right that has been assessed by some unexplained hierarchy of human rights as less important if breached and identified using unknown
criteria. We suggest again that a simplistic approach of ‘less egregious/serious breaches of human rights’ is something of a minefield and – as the
examples we provided in the last round illustrated – includes a real practical difficulty of identifying what amounts to a less “less egregious” or “less
serious” breach of a human right. For example, the same breach of the same human right – of an individual’s detention of one day without cause –
could be vastly different depending on whether the detention is by authorities in the UK, or by authorities in Afghanistan where this is the key
period for torture of detainees to obtain ‘confessions’.
Information

We provided those illustrative examples last time in relation to the old para 38 of the MPS and the feedback table notes DPMC’s agreement with
IGIS and MoJ in this respect and para 38 was deleted. We strongly suggest that in the latest version of the MPS this ‘egregious’ phrase in 31.3 be
replaced with the IGIS proposed amendment, which is now included as a tracked change to para 31.3 in the accompanying version of the MPS, for
your consideration.

Official
•  Paras 32 to 34: For clarity and certainty we suggest that the new phrase “know or assess” in para 32, and in following paras 33 and 34, be explicitly
linked to the Risk Assessment Framework.
We note para 32 now includes a footnote with a definition of “use”. We suggest that this definition is unnecessary and should be removed. The
the
term “use” in paras 32 and 34 has a clear plain-English meaning, sufficiently clarified and/or constrained by the surrounding context of each
paragraph. As such we consider the term is adequately captured in the MPS, as is. We also had some concerns that the definition of “use”, when
considered in the context of paras following para 32, had some potential to broaden agencies’ activities with regard to information obtained by
torture to include activities that comprise business as usual.

under
•  Paras 34 and 35: A key component of “exceptional circumstances” (also addressed in caselaw as a public emergency that threatens the nation) is
the imminence of those anticipated serious circumstances, such that BAU intelligence and security agency practices are insufficient and the use of
intelligence obtained through a grave abuse of human rights is considered – for whether it is justifiable - by the responsible Minister. We therefore
suggest “imminence” is a necessary factor to be added to paras 34 and 35.
20

Released

We also suggest that the final sentence in para 37 be moved up to form the final sentence in para 35, as a better fit, and have made this tracked
1982
change to the attached MPS, for your consideration.

•  Paras 36 and 37: We have suggested that the term “further” be removed from two places in the first sentence of para 36, to confirm the intention
Act
of this para to direct/limit agency activity to what is strictly necessary to inform the threat picture, to assist the relevant law enforcement agency.
We also removed the potentially broader reference – to investigating a security concern or risk in order to advise Government – from that first
sentence, because with the edit we propose to para 35 the Minister will have been informed. We note DPMC agreed with this point at p 13 on the
feedback table.
As mentioned above, we suggest the final sentence of para 37 be moved to the end of para 35. Paras 36 and 37 could then be merged into one
para.

•  Para 49: Human rights policy: We suggest updating the description to refer now to the “Risk Assessment Framework”. At the end of this first para
under the bullet point, we thought the reference to reflecting the MPS principles in the human rights policy was both unnecessary, and too general
Information
and broad for a human rights risk assessment policy. It potentially required that rights policy to do too much work with regard to foreign
cooperation. We therefore suggest that sentence be deleted.

•  Para 49: Consultation with the Ministry of Foreign Affairs and Trade: We suggest removing the phrase “weighing up factors related to” ratification
of international human rights treaties, as in our view the status of a country’s ratification or not of such treaties tells the necessary story for the
intelligence agencies (plus it is unclear to us what the “factors” requiring “weighing” would be). We see that the feedback table at page 18 (re the
Official
old para 50) notes DPMC agrees to this deletion, so its retention may just be an oversight.

•  Para 49: Written basis for new formal arrangements: With regard to the final bullet point in the second para, we understand that an example of
the
this point could be useful and so have added one suggestion into the footnote. We expect that whether this example retains “collect” as well as
“cooperate” will depend on the agencies’ response on classification. We will email you on the high-side (on Tuesday morning) to give a bit more
context to this bullet point/example.

under
21

Released

To:

Department of Prime Minister and Cabinet (DPMC)

From:
Human Rights Commission
Re:
Comments on 2020 Draft Ministerial Policy Statement – Co-operation of New
Zealand intelligence and security agencies with overseas public authorities
Date:
22 September 2020

1982
Introduction
1.  Thank  you for the opportunity to provide DPMC with  comments on the  2020 Draft Ministerial
Act
Policy Statement (MPS) on the co-operation of New Zealand intelligence and security agencies
with overseas public authorities.

2.  In particular, DPMC seeks the Commission’s view on whether the MPS provides sufficient high-
level guidance to the agencies in assessing the risk of contributing to human rights abuses and
whether there are any factors that we would expect the agencies (GCSB and NZSIS) to consider
when engaging in overseas cooperation.

3.  As we did in 2017, the Commission wishes to acknowledge the focus of the MPS on human rights,
and, in particular, the strengthened decision-making guidance to agencies for assessing the risk of
Information
contributing to human rights abuses.

4.  However, we consider that the human rights compatibility of the MPS can be further strengthened
on the basis of the following recommendations:

a.  Expand the definition of “overseas public authorities” to include private contractors and
Official
agents of those authorities.
b.  Make internal policies, such as the human rights policy, publicly available (except for any
sensitive  content  which  if  disclosed  would  constitute  a  reasonable  risk  to  national
the
security).
c.  Require  authorisation  for  overseas  cooperation  to  be  provided  by  an  external
independent body.
d.  Require agencies to develop a policy that clearly states how they will give effect to best
practice monitoring of partner countries, which should include the requirement that for
under
countries  with  a  volatile  human  rights  situation  this  the  review  should  occur  every  six
months.

5.  The Commission also recommends that as part of the targeted public consultation that relevant
NGOs are consulted, if they haven’t been already.
Definition “overseas public authority”
6.  As with the current version, the draft MPS defines an “overseas public authority” as one which
“performs or exercises any public function, duty or power…by or under law”. As we noted in our
Released
2017 comments, this definition does not, on its face, extend to cover private contractors or agents
of an overseas public authority, such as a company providing technological support and solutions
to a state’s intelligence apparatus. It is important that the scope of the MPS is sufficient to ensure
that its intent is not circumvented by the use of third-party actors by overseas public authorities.

1

We recommend that the definition of “overseas public authorities” is amended to include private
contractors and agents of those authorities.
Transparency
7.  The Commission is pleased to see that the MPS is made publicly available on the websites of the
agencies.

8.  The Commission notes that the MPS also provides that the agencies must have internal policies 1982
and procedures in place that  are consistent with the  principles of the  MPS, including a human
rights policy. In particular, the MPS provides that a draft of the agencies’ human rights policy will
be provided to the Inspector-General of Intelligence and Security (IGIS) for comment and a final
version referred to the Intelligence and Security Committee.
Act

9.  However, there is no requirement for the  internal policies and procedures, such as the human
rights policy, to be made publicly available. The Commission considers that such policies should
be made publicly available, except any sensitive content which, if disclosed, would constitute a
reasonable risk to New Zealand’s national security interests.

We recommend that internal policies and procedures are made publicly available, except for any
sensitive content which if disclosed would constitute a reasonable risk to New Zealand’s national
security interests.
Information
Independent authorisation
10. International human rights bodies have emphasised prior independent authorisation, preferably
judicial, as a key mechanism for “ensuring the effectiveness and independence of a monitoring
system for surveillance activities.”1 The UN Human Rights Committee has further recognised the
importance of prior independent authorisation in the context of intelligence sharing, indicating
Official
that “robust oversight systems over surveillance, interception and intelligence-sharing of personal
communications activities” should include “providing for judicial involvement in the authorisation
of such measures in all cases”.2

the
11. Furthermore,  the  July  2019  report  by  the  Inspector-General  of  Intelligence  and  Security on  its
Inquiry into possible New Zealand intelligence and security agencies’ engagement with the CIA
detention and interrogation programme 2001-20093 (“the IGIS Report”) noted that good practice
would include consideration of establishing a separate evaluative body for information sharing.

under
12.  In this respect, the IGIS Report at paragraph 240 found that:

An  external  or  cross-government  body  for  approval  can  ensure  transparent,  robust  and
documented decision-making, and avoids the risk that agencies may conflate their operational
or relationship objectives with the quite separate question of whether particular information
sharing or cooperation is lawful or proper in any particular case.

Released

1 UN Human Rights Committee, Concluding Observations on the Fifth Periodic Report of France, UN Doc.
CCPR/C/FRA/CO/5, 17 Aug. 2015, para. 12. See also UN High Commissioner for Human Rights’ report on the right to privacy
in the digital age, U.N. Doc. A/HRC/39/29 (3 August 2018), para. 39.
2 UN Human Rights Committee, Seventh Periodic Report of the United Kingdom, at para. 24.
3 http://www.igis.govt.nz/assets/Inquiries/CIA-Detention-Programme.pdf
2

We  recommend  that  authorisation  for  overseas  cooperation  is  provided  by  an  external
independent body.

Decision-making framework - ongoing review
13. The Commission welcomes the clarity and detail provided in the section on the decision-making
framework  for  agencies.  We  welcome  the  requirement  at  paragraph  21  of  the  MPS  that  the
agencies are to maintain an awareness of the human rights practices and potential risks related 1982
to cooperation with overseas public authorities. We also welcome the requirement at paragraph
27 that standing authorisations must be subject to regular review.

14. However,  the  Commission  notes  the  absence  of  detail  in  the  MPS  for  how  regular  review  and
Act
monitoring will take place and the absence of a requirement for a policy to ensure ongoing review
of overseas cooperation.

15. The IGIS Report notes concern with practices regarding “broadly framed, standing authorisations“
from  the  Minister,  prior  assurances  and  Approved  Parties.  At  paragraph  277,  the  IGIS  Report
expressed  concern  that  such  authorisations  “approve  many  countries  for  ‘in  principle’  sharing
without the Minister having been provided with any material on which to base even a high-level
human rights assessment.”

16. Furthermore, with regard to Approved Parties for overseas cooperation, the IGIS Report noted at
Information
paragraph 302 that the Joint Policy Statement on ‘Human Rights Risk Management’ establishes
no requirement for regular monitoring of the human rights records of parties who are Approved
Parties.  The  IGIS  Report  highlighted  that  this  calls  into  doubt  whether  the  necessary  “specific
indication” of a human rights breach will be identified, or identified in a timely manner.

17. The IGIS Report also observed at paragraph 245 that “a country’s record on human rights requires
Official
regular as well as responsive review” and that best practice involves robust monitoring, regular
reviews and adequate record-keeping. The IGIS Report went on to recommend at paragraph 335:

the
Active  and  ongoing  monitoring  of  partner  country  (including  Five  Eyes)  political  and  legal
developments and any changes to working practices is critical if New Zealand is to engage in
information-sharing and cooperation with its eyes wide open. Ignorance and wilful blindness
are  not  an  excuse  where  relevant  information  is  readily  available  to  be  discovered.  I
recommend that:
under

G. Best practice monitoring: Both agencies should develop a policy that clearly states how they
will give effect to best practice monitoring of partner countries. The policy should provide for
reassessment  of  a  country’s  human  rights record every  six  months  for  countries  where the
political or human rights situation is volatile or in a state of flux.

We recommend that the IGIS recommendation is adopted i.e. that the MPS requires the agencies
to  develop  a  policy  that  clearly  states  how  they  will give  effect  to  best  practice  monitoring of
partner countries, which should include the requirement that for countries with a volatile human
Released
rights situation the review should occur every six months.

3

External Consultation
18. As recommended by the IGIS Report at recommendation A of paragraph 331, we reiterate that
NGOs are consulted in respect of the review of this MPS.
1982
Act
Information
Official
the
under
Released
4