Background information on the Intelligence and Security Act 2017

This page provides background information on the Intelligence and Security Act 2017 (the Act) and the government’s two intelligence and security agencies – the New Zealand Security Intelligence Service (NZSIS) and the Government Communications Security Bureau (GCSB). This includes:

• History of the Act
• Purpose of the Act
• Functions and duties of the intelligence and security agencies
• Ways the intelligence and security agencies can exercise their functions
• Oversight of the intelligence and security agencies
• The intelligence functions of the Chief Executive of the Department of the Prime Minister and Cabinet.

This information provides a snapshot of what the intelligence and security agencies do and what controls are in place to ensure they are operating in a lawful manner. Further information on the intelligence and security agencies, their oversight bodies and the intelligence function of DPMC can be found using the links below:

• New Zealand Intelligence Community(external link)
• New Zealand Security Intelligence Service(external link)
• Government Communications Security Bureau(external link)
• National Assessments Bureau(external link)
• Inspector-General of Intelligence and Security(external link)
• Intelligence and Security Committee(external link)

History of the Intelligence and Security Act 2017

The Act was passed in 2017 to modernise and bring together legislation governing the operation of New Zealand’s security and intelligence agencies and their oversight bodies. It was based largely on the recommendations of the independent review by Sir Michael Cullen and Dame Patsy Reddy in 2016, known as the Cullen-Reddy review. The Cullen-Reddy review set out the basis for comprehensive reform and was the first statutory review of New Zealand’s security and intelligence agencies. You can read the full Cullen-Reddy review report here(external link).

Purpose of the Intelligence and Security Act 2017

The Act puts in place a single legislative regime for the NZSIS and GCSB, providing a single purpose and shared objectives and functions. The Act allows the agencies to act as necessary to protect New Zealand and New Zealand’s interests, with limitations and oversight applying across all of the agencies’ activities.

Section 3 of the Act sets out its purpose which is to protect New Zealand as a free, open and democratic society by:

• Establishing (or rather continuing) intelligence and security agencies
• Giving these agencies adequate and appropriate functions, powers and duties
• Ensuring that their functions are performed in accordance with New Zealand law, and human rights obligations recognised by New Zealand law, with integrity and professionalism, and in a manner that facilitates democratic oversight, and
• Ensuring the powers of the agencies are subject to institutional oversight and safeguards.

The principal objectives of the agencies are set out at section 9 and are to contribute to the:

• Protection of New Zealand’s national security
• International relations and well-being of New Zealand, and
• Economic well-being of New Zealand.

The Act outlines the agencies’ objectives, functions, powers and duties. The inherently secret nature of some of the agencies' work, along with their intrusive powers, means it is essential that there is robust and independent oversight. This oversight is to ensure the agencies act with propriety and operate lawfully and effectively.

Functions and duties of the intelligence and security agencies

Part 2 of the Act sets out the legislative functions of the intelligence and security agencies. The functions include:

• Collecting and analysing intelligence in accordance with the Government’s priorities and to provide these to a specified class of persons, or any other person or class of persons authorised by the responsible Minister to receive it
• Providing protective security services, advice and assistance to public authorities or any other persons or class of persons authorised by the Minister responsible for the intelligence and security agency. These services include national security clearances assessments, making premises secure, and providing a framework and support to help ensure the appropriate sharing and protection of classified information across government
• In relation to the GCSB, protective security services, advice and assistance also includes specific information assurance and cybersecurity activities
• Cooperating with each other, and the New Zealand Police and New Zealand Defence Force, including for the purpose of facilitating NZ Police and NZDF to exercise their functions, duties and powers
• Cooperating with other persons or public authorities to respond to an imminent threat to the life or safety of people in New Zealand, New Zealanders internationally, and certain others
• Having functions that are provided for under, or imposed by, any other law.

Section 16 of the Act explicitly sets out that the intelligence and security agencies’ functions do not include law enforcement, except in limited circumstances.

Section 17 of the Act sets out the general duties of the intelligence and security agencies when performing their functions. These repeat the provisions set out in section 3 about acting in accordance with New Zealand law and all human rights obligations recognised by New Zealand law, with integrity and professionalism, and in a manner that facilitates effective democratic oversight. It also requires the agencies to act independently and impartially in the performance of operational functions.

Section 18 of the Act further specifies duties for a Director-General of an intelligence and security agency, which include political neutrality, keeping free from any influence or consideration that is not relevant to the performance of the agency’s functions, and ensuring that any cooperation internationally is in accordance with New Zealand law and all human rights obligations recognised by New Zealand law.

Section 19 says that any person exercising their right to freedom of expression does not of itself justify an intelligence and security agency to take any action in respect of that person.

Section 20 says that the Directors-General must regularly consult the Leader of the Opposition for the purpose of keeping the Leader informed about matters related to the agencies’ functions.

Intelligence functions of the Chief Executive of the Department of the Prime Minister and Cabinet

Outside of the intelligence and security agencies, the Act also sets out specific intelligence functions for the Chief Executive of the Department of the Prime Minister and Cabinet (DPMC). Section 233 of the Act states that the Chief Executive of DPMC is responsible for:

• Providing intelligence assessments on events and developments of significance to New Zealand’s national security, international relations and economic well-being to a specific class of persons or any person that the Chief Executive considers appropriate
• Advising Ministers on the setting of priorities for intelligence collection and analysis
• Advising departments on best practice in relation to the assessment of intelligence.

However, the Act explicitly states that the Chief Executive of DPMC must not carry out the two functions regarding intelligence assessments personally, but must designate an employee of the DPMC to carry out those functions. This employee must act independently.

Ways the intelligence and security agencies can exercise their functions

The intelligence and security agencies are able to carry out lawful activity to collect information in accordance with their functions without needing to seek authorisation to do so. This could include, for example, collecting publicily available information on the internet in the same way that anyone else can. 

Part 7 of the Act sets out that the responsible Minister must provide guidance in relation to certain lawful activity carried out by the agencies, including obtaining and using publicly available information and the provision of information assurance and cybersecurity activities with consent.

The agencies do need authorisation, however, if they want to do things that would otherwise be unlawful. Information handling requirements seek to ensure that information is lawfully retained and is not held for longer than necessary. 

Parts 3, 4 and 5 of the Act set out the empowering provisions of the intelligence and security agencies. Part 3 enables employees of an agency to acquire and use an assumed identity. Part 4 sets out the authorisations framework. An authorisation is required to carry out otherwise unlawful activity. Part 5 sets out the provisions for accessing information held by other agencies.

The NZSIS and GCSB can:

• Acquire and use an assumed identity and/or a corporate identity to enable the agency to carry out its activities and protect the identity of an employee
• Collect information when they are authorised to do so. The intelligence and security agencies may be authorised in a variety of ways –
  • By intelligence warrants, granted by either the authorising Minister and a Commissioner of Intelligence Warrants in the case of New Zealanders (ie, Type 1 warrants) or the Minister alone in the case of non-New Zealanders (ie, Type 2 warrants) to, for example, intercept communications or enter a place specified in the warrant. Particular rules are in place for warrants that are made in situations that require urgent actions
  • By approvals to access restricted information, granted by the Minister and a Commissioner of Intelligence Warrants in the case of New Zealanders or the Minister in other cases, to access tax information held by the Inland Revenue Department and other specified information held by other departments or agencies (eg, photographs from driver licences)
  • By directions made under approvals granted by the Minister and the Chief Commissioner of Intelligence Warrants to obtain business records held by telecommunications network operators or banks and other financial service providers
  • By direct access agreements between the intelligence agencies and certain government departments for specified databases, and
• The Act also recognises the agencies existing ability to make a general request for information from a person or from a public or private agency. The person or agency is not required to provide the information and may, if they so choose, can refuse the request.

Handling information

The NZSIS and GCSB are subject to legislative requirements for the handling of information, such as the Privacy Act 2020, the Official Information Act 1982 and the Public Records Act 2005.

The Intelligence and Security Act also imposes specific information management requirements (use, retention and destruction) to certain  information collected under the Act, some of which will depend on how the information is obtained (eg, under an intelligence warrant or via a business records direction). Part 4 of the Act sets out that agencies must destroy certain classes of information after collection, including:

• Any information that is unintentionally obtained outside the scope of an authorisation or authorised activity, unless a warrant authorising the collection of the information is applied for as soon as practicable. However, the agencies are entitled to disclose this type of information to the Police, Defence Force or another public authority, in certain limited circumstances, for example to prevent a serious crime, and
• Any information obtained within the scope of an authorised activity, but is irrelevant because it is not required by the agency to perform its functions.

Oversight of the intelligence and security agencies

Like other government bodies, the intelligence and security agencies are subject to oversight by independent authorities such as the Auditor-General, Privacy Commissioner, Ombudsman and the judiciary. However, the agencies are also subject to other oversight authorities that are specified in the Act.

Part 6 of the Act contains oversight mechanisms, including the roles of the Inspector-General of Intelligence and Security, the Intelligence and Security Committee. Part 7 of the Act set out annual reporting requirements.

Inspector-General of Intelligence and Security

The Inspector-General of Intelligence and Security is appointed by the Governor-General on the recommendation of the House of Representatives and has its functions set out under the Act. The functions of the Inspector-General are set out at section 158 of the Act. The Inspector-General:

• Conducts inquiries relating to the intelligence and security agencies, including on legal compliance, propriety of actions, and the adverse impact on a New Zealand person caused by activities undertaken by the intelligence and security agencies
• Deals with complaints about the intelligence and security agencies
• Conducts reviews, including of the issue of an authorisation or the carrying out of an authorised activity undertaken by the intelligence and security agencies or an intelligence and security agency’s procedures and compliance systems, and
• Conducts audits of the intelligence and security agencies’ procedures and compliance systems.

Before each financial year, the Inspector-General prepares an annual work programme and consult the Minister(s) responsible for the NZSIS and GCSB on it. Once the annual work programme is finalised the Inspector-General must give a copy to the responsible Minister(s) and may publish the work programme on its public website.

The Act provides for the office of a Deputy Inspector-General of Intelligence and Security that has all the functions, duties and powers of the Inspector-General. The Act also provides for the existence of an advisory panel that provides advice to the Inspector-General and the Prime Minister. The panel has two members that provide advice on the Inspector-General’s request or on its own initiative, and may also report any matter related to intelligence and security directly to the Prime Minister if it so chooses.

Intelligence and Security Committee

The Act provides for the Intelligence and Security Committee, a specialist Committee made up of members of Parliament. The Prime Minister is the Chair of the Committee, which must also include the Leader of the Opposition and be comprised of 5 to 7 members of the House of Representatives. Some members of the Committee are selected by the Prime Minister (after consultation with the leader of each party in government) and some are selected by the Leader of the Opposition (with the agreement of the Prime Minister and after consultation with the leader of each party that is not in government or in coalition with a Government party).

The functions of the Intelligence and Security Committee are set out in section 193 of the Act. The Committee examines the policy, administration and expenditure of each intelligence and security agency, among other things. It may also request the Inspector-General of Intelligence and Security to conduct an inquiry. Similar to the role parliamentary select committees have in overseeing government departments, the Intelligence and Security Committee receives an annual report for each intelligence and security agency, and conducts an annual review of that agency. The Committee also considers and discusses the annual report of the Inspector-General. The Act explicitly excludes the Committee from inquiring into matters within the jurisdiction of the Inspector-General of Intelligence and Security, operationally sensitive matters, and certain complaints by individuals.

The Act contains procedural provisions relating to the Committee. The Committee may request that a Director-General of an intelligence and security agency to appear; and if so requested, the Director-General must appear. The Committee may also request any other person to appear before it to provide evidence or produce any relevant document. The Intelligence and Security Committee’s proceedings are subject to Parliamentary privilege. There are also provisions relating to the handling of sensitive information, the secrecy of information disclosed to the Committee and the Committee’s records.

Annual reports

Part 7 of the Act prescribes the content and process for the intelligence and security agencies to deliver annual reports to the Minister responsible for the intelligence and security agencies. After receiving it, the Minister must provide a copy of the report to the Intelligence and Security Committee as soon as practicable, and present it to the House of Representatives within 30 working days. Annual reports must be publicly available and include the following information:

• For the intelligence and security agencies: the number of applications made for intelligence warrants, assistance rendered to New Zealand Police and the New Zealand Defence Force, and urgent authorisations given by a Director-General, among other things.
• For the Inspector-General of Intelligence and Security: the number of inquiries undertaken, a brief description of the outcome, the extent to which the intelligence and security agencies’ compliance systems are sound, and any other information the Inspector-General considers necessary.
• For the Intelligence and Security Committee: Information on the activities of the Committee.