The Government Communications Security Bureau (GCSB) has responded to election week allegations it carries out mass surveillance on New Zealanders, denying its programmes are for anything other than cyber security.

Senior spies at the GCSB’s headquarters in Wellington came forward this week, speaking with 3rd Degree, because of concerns of what they see as misconceptions among the New Zealand public.

Allegations by American whistleblower Edward Snowden, a former worker at US spy organisation the National Security Agency (NSA), claim the NSA maintains bases in New Zealand, collects metadata about New Zealanders and has worked with the GCSB to tap the Southern Cross internet cable to extract data.

Answering these allegations, GCSB spies and former NSA officials tell 3rd Degree there is no proof the NSA maintains bases in New Zealand, although there are NSA staff in the country. However, they will not confirm the tapping of the Southern Cross Cable was anything more than a “test probe”.

3rd Degree also revealed a high-level technical meeting 18 months ago between engineers from the GCSB and Spark, formerly Telecom, focused on letting the spies get access to the company’s internet exchanges and nodes – effectively their whole network.

But GCSB head Ian Fletcher says meetings with telcos like Spark are purely based on preventing cyber-attacks, not mass surveillance.

“I have conversations with all sorts of people,” says Mr Fletcher. “You shouldn’t be surprised that we talk to telcos and ISPs. I think you’ll find we talk to people about cyber security a lot.”

Inside the GCSB

Before going in, the GCSB has had our cameras all weekend, searching for bugs, in case the gear might contain some sort of high-tech spying devices. First we have to get through security. There to meet and greet us is a PR guy from the Prime Minister’s office and a senior spook. At reception they have little lock-ups for your phone – ours and all the staff who work there.

Senior operational spy Alex, which is not his real name, has never spoken to media before. Alex is just back from 10 years overseas service in the Middle East.

“I’ve been in helicopters at night, flying at speed, protected by tough guys, so I’ve been in some post-conflict areas with all sorts of risk.”

It’s less risk now that he’s back, with a desk job, a wife and young child.

“My poor, lovely wife, whom I can’t tell anything about what I do, but I can go home and say I work with really smart people who are committed.”

We have been invited in because the GCSB is concerned with public perception recently. The worries began for all Western intelligence agencies on the date we’re not allowed to forget – September 11.

“Internationally there was a failure around 9/11, and there’s been a lot of corrective effort to make sure things like that don’t happen again,” says Alex.

The spies started spying in earnest, then they got criticised for spying too much, breaching our privacy. In New Zealand, the GCSB is only allowed to collect foreign intelligence. It got caught spying on 88 Kiwis, including Kim Dotcom before the police raid on his mansion.

“We’ve had a rough period,” says Alex. “If you read the media reports it can be pretty frustrating. I can understand why there is scepticism about what we do.”

Deep in the building, no TV cameras or any other media have never been before. It’s pretty bland, not unlike any other corporate office, just stacked full of secrets. They’re keen to show us what they’re doing is essential for our security – our cyber security.

For the first time, spies from the GCSB will get to respond to election week claims by US whistleblower Snowden that it is illegally collecting the mass personal information of Kiwis. Prime Minister John Key offered to resign if that was the case.

“In terms of wholesale collection of metadata about New Zealanders, that hasn’t taken place,” says Mr Key.

They’re not exactly flinging open the doors. We’ll only get to see what they want us to see, and that’s the unit that deals with an apparent new threat – cyber-attacks.

The GCSB workers show us a “sanitised dashboard” of “IOCs on our assisted organisations”; an IOC is an Indicator Of Compromise, so how badly someone has been taken over by a hacker.

Analysts John and Max, also not their real names, explain to us their work at the organisation.

“I just really wanted to be in a place that could make a difference, that what I do every day helps to protect New Zealanders, people like me, and I just really like the fact that I come to work and do that.”

John joined the bureau after a mate was injured in a terrorist attack.

“One of my good friends was in the Bali bombings, so I saw an ad in the newspaper to come here and see what I could do.”

When people ask what he does, he usually tells them he works in IT.

Alex is their boss, but they’re not exactly James Bond types.

“We’re not paid that much and we’re not like that. We are dutiful, professional public servants, a great crew of talented people. It’s an IT job essentially, people who are good at the internet. It’s not glamorous, not flitting around the world. It’s in New Zealand protecting New Zealand institutions.”

It’s an IT job in a super strict security environment. They can’t even raise the blinds on the windows; they’re there to block radio signals.

“I think for the majority of people working here it’s always difficult. We work in secrecy. We do what we do to protect New Zealanders. You see in the media just one side of the story, which is all they have to go by until now. It is very difficult.

“We do work for some [New Zealand] customers. We don’t do mass surveillance, as was talked about; the Prime Minister was completely correct what he said about that. We care for all New Zealanders and we do our best to protect all of us.”

But whom exactly are they protecting us from?

The threat of cyber attacks

Early September this year, somewhere in the world unknown computer hackers set their sights on New Zealand. Boffins in charge of security at Telecom, now called Spark, saw a cyber-attack coming in, a big one.

Its internet and email system went down on the Friday and stayed down for 72 hours. It came to be known as the Jennifer Lawrence attack. Originally they thought it was caused by red-blooded New Zealanders searching for the stolen naked pictures of the Hunger Games star, where people were clicking on a link that promised to take them to naked pictures her, but what it did was take control of their router for amplification.

The experts are still trying to work out exactly what did happen when foreign hackers took control of 120 home computers.

Experts don’t know where it was coming from in terms of IP addresses, which were based in China. But they still don’t know it was Chinese.

Cyber-attacks happen across the world every hour of every day. It’s these sort of attacks the GCSB says it is trying to prevent – shadowy hackers from all over the world, sending out complex viruses to damage big businesses or Government departments, or even getting inside and taking them over.

“They could shut off power, service goes down,” says Alex. “Theoretically [they could] bring small countries to a halt.”

Most have been unsuccessful.

The thing is, this new function of the GCSB – cyber security – gets them close to a goldmine of mass data about New Zealanders.

“What we are doing is protecting key Government agencies, plus critical infrastructure providers, plus big economic generator firms against cyber-attacks.”

Firms like Spark are where our phone records, emails and Google searches are all available.

“Let’s face it – foreign intelligence services exist for the purpose of stealing other people’s secrets,” says Washington post-intelligence expert and journalist Bart Gellman.

“These are intelligence-gathering entities,” says Mr Gellman. “They’re sitting on human history’s most valuable, most voluminous source of signals intelligence. Are you going to tell me that they’re not collecting it, they’re not looking at it?”

“That’s absolutely not what we’re doing,” says Alex. “It’s quite hard to defend when we can’t go into the details of what we do. It’s hard just to give the answer that we don’t do that, and some of the claims are very bizarre [and I] don’t know where they are coming from.”

The reach of the NSA

To understand what’s happening in New Zealand, you need to understand what is happening in Washington DC, United States – the heart of Western Intelligence.

“The relationship between American Intelligence and New Zealand intelligence is truly mutually profitable,” says General Michael Hayden, former director of the CIA and NSA.

The NSA is the biggest spy agency in the wold, with 30,000 employees at Fort Meade. First we meet Chris Inglis. Up until January he was the deputy director of the NSA.

“Given that our two nations share many of the same threats in a world that’s increasingly full of them, we each try to support our nations with provisions of intelligence, or increasingly with cyber security capabilities,” says Mr Inglis. “So in that regard they’re a pretty good partner.”

Spying used to be all about catching baddies by bugging phone lines, intercepting signals, but then came the internet – a flood of digital information.

“So what we decided to do was say ‘let’s turn around and start swimming and let’s let this wave take us where it will’ – in other words turning volume as our enemy into volume as our friend, that we would actually create usable intelligence by the frequency, pattern and volume of communication rather than being forced to burrow down into one specific phone call in order to learn something,” says Gen Hayden. “The word that’s been used for that is metadata.”

Metadata are digital traces of everywhere we’ve been on our phones and computers. Take your average email. It’s not the content, what you write; it’s all the other details, like your email address, time, date and location, hidden away in a digital footprint. It’s the stuff our Prime Minister tells us we don’t collect.

We’re told at the NSA it’s vital for chasing terrorists and other threats.

“That’s why agencies like the NSA, and I suspect GCSB, are involved in the metadata business,” says Gen Hayden. “Now my countrymen, and I suspect some folks in New Zealand, that makes them a little bit nervous – that volume of data in the hands of a Government. But frankly, if you want the GCSB, or in my case the NSA, to do for you what they did in the ’60, ’70s and ’80s, it’s got to work with metadata; otherwise it will go deaf.”

In civil liberties circles, metadata has become something of a dirty word, with revelations of the NSA’s secret programme to collect it from Americans without their knowledge. It came right on the heels of 9/11.

“This was a big deal,” says Mr Gellman. “This was scary. This was a new kind of threat. There needed to be a response, but we need to participate as a society of self-governing citizens in deciding what are the boundaries.”

“In 2001 we had dual explosions,” says Neema Guliani of the American Civil Liberties Union. “We had this complete tragedy that hit the US and this concern about national security, and at the same time in the technology sphere we had this explosion in the way people were communicating, the amount of data available. What we saw was the NSA really taking advantage of that second explosion, collecting vast amounts of data on innocent people with virtually no oversight and no restrictions.”

US President at the time, George W Bush, summoned Gen Hayden to the White House, taking the director of the NSA into his confidence.

<a target=”_blank” href=”http://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBWNgzsCBkVIqqJNDI9AWh54BA8u_iogYAAAAQASAAOABYiuXqr6IBYKvUs4XcKIIBF2NhLXB1Yi04MjQ3MzEzMTM2NTc5MTA1sgEPd3d3LjNuZXdzLmNvLm56ugELMDBnZnBfaW1hZ2XIAQnaAWhodHRwOi8vd3d3LjNuZXdzLmNvLm56L3R2c2hvd3MvM3JkLWRlZ3JlZS9nY3NiLXNwaWVzLXJlc3BvbmQtdG8tbWFzcy1zdXJ2ZWlsbGFuY2UtYWxsZWdhdGlvbnMtMjAxNDExMDUyMKkCSItQt25tqj7AAgLgAgDqAhA0MTAwLzNuZXdzLmNvLm56-AL00R6AAwGQA9wLmAPcC6gDAeAEAZAGAaAGHw%2526num%253D0%2526cid%253D5GjMvrUiAWa1VOLN__huuek7%2526sig%253DAOD64_2uSVcEnB2PildVQ0yzyl9p0ihJXQ%2526client%253Dca-pub-8247313136579105%2526adurl%253Dhttp://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=20&mc=click&pli=9488592&PluID=0&ord=761604092″><img src=”http://pagead2.googlesyndication.com/pagead/imgad?id=CICAgKCNj-XvnAEQARgBMgjf3uraURxJsQ” width=”300″ height=”250″ border=”0″ alt=”” galleryimg=”no”></a>

<a href=”http://ad.au.doubleclick.net/jump/3news.co.nz/homepage;sz=300×250;key-values;tile=2;ord=123456789?” target=”_blank”><img src=”http://ad.au.doubleclick.net/ad/3news.co.nz/homepage;sz=300×250;tile=2;ord=123456789?” width=”300″ height=”250″ border=”0″ alt=”Ad” /></a>

“What the president did in the weeks after 9/11 was he asked, ‘Can you guys do any more?'” says Gen Hayden. “I said we were at the end of our authorities. He said, ‘That’s not quite the question I asked. Can you guys do any more?'”

Any more was code for a secret programme to collect the mass data of the whole population. The full extent of it is not known. It’s thought to include emails, texts, tweets, online purchases, Google searches, plus the phone records of every single citizen.

“There are people who like to say they’ve got nothing to hide, or assume they’ve got nothing to hide, and I can tell you with certainty that that is never true,” says Mr Gellman. “Secrecy and information and transparency, these are about relationships. I don’t tell my wife everything that I tell my boss. I don’t tell my kids everything that I tell my wife. I don’t tell my dentist everything I tell some doctor at some clinic.”

Imagine, he says, if the NSA or the GCSB had used the old-school methods to get that sort of information.

“If there were a team of agents, following you around 24/7, taking little notes in the background, trying to be unobtrusive, but ‘Now he’s talking to Bart Gellman, and now he’s calling his mother.’ The fact is they are following you into the bedroom, because the location data that your device is transmitting, this spy that you carry around every day in your pocket, the first thing you look at in the morning, the last thing you look at at night, is telling them where you are.”

No one would have realised how far the NSA had gone if it weren’t for Snowden. The whistleblower stole 1.5 million documents and exposed the secret programme. Snowden trusts three journalists in the world, and Mr Gellman is one of them.

“I’ve got some of the documents,” says Mr Gellman. “I don’t say where I keep them. The material is kept on encrypted and air-gapped computers, meaning that they never touch any network.”

The documents provided evidence that the NSA had been tapping internet cables all over the world, fibre optic cables in Britain belonging to Facebook, Microsoft, Yahoo and Google operation Muscular.

“How many New Zealanders do you think have a Google account, a Yahoo account or a Microsoft account? Every single one of those communications passes through NSA filters, and it’s not possible to say that New Zealanders are not, in some respects, under mass collection. The Governments want to say ‘that’s not mass surveillance’, ‘that’s not surveillance until we pull your file out and look at it’.”

It has targeted undersea cables that carry internet traffic all over the globe – Operation Rampart.

So what does the NSA say?

“Let’s go operational with regards to fibre,” says Gen Hayden. “Number one, it’s hard to access. You can. You can do it cooperatively. It’s very hard to do uncooperatively. But the issue beyond that is volume. Once you’ve got access to that kind of cable the volumes can be just overwhelming.”

But the NSA is building a humungous data centre in Utah. They’ve invented a new word to describe its capacity – zettabytes – that’s a trillion gigabytes.

“I do not know if the metadata of New Zealanders is being collected by anyone, but there’s a lot of it sitting in storage,” says Mr Gellman. “There’s a lot of it crossing the cables that are overseen by the NSA and its sister services, and New Zealand’s own intelligence service has access to that material.”

Snowden’s allegations

Snowden had already busted the US intelligence community wide open, the whistleblower revealing details of a secret NSA programme to spy on Americans.

“This is the greatest haemorrhage of legitimate American secrets in the history of my nation,” says Gen Hayden.

Then Snowden beamed into New Zealand a week before the election, threatening to bust our spy agency, the GCSB.

“When John key says no mass surveillance and they wave cyber defence programmes around or what, or Project Cortex, they’re distracting from the main question,” says Snowden.

The question of whether our spies are collecting metadata on New Zealanders, were raised in the Moment of Truth event.

“I wasn’t comfortable all the way through,” says GCSB spy Alex. “It was annoying; I won’t pretend otherwise.

“We’ve got a pretty good job here, got a clear mission and lots of support, and you’ve got to take stuff that gets reported in media, even if it’s outrageously untrue. I can definitely say there’s a lot of things about what the GCSB does, and I’ve already told you a lot of it is false. There’s no mass surveillance. That was one of claims.”

There are three main claims from Snowden. Firstly, Snowden was reported as saying that American spy agency the NSA has two bases here.

“We cooperate with a lot of intelligence services around the world; one would have to have an incredibly expansive definition of the word base to apply that in this circumstance,” says Gen Hayden. “That’s as much as I choose to say about operational matters.”

“I’m happy to confirm there are no NSA bases in New Zealand,” says Mr Fletcher, the boss of the GCSB reacting for the first time to Snowden’s claims.

“There is a sharing of personnel,” says Mr Inglis. “We call them ‘intergrees’ across the Five Eyes partnership.”

So there is no reliable proof of bases, but the NSA does have staff working in New Zealand.

The second claim Snowden made is he could sit at his desk at the NSA and search for details about Kiwis, and our spies could see them too. Mr Key admitted that the whistleblower could well be doing that.

“I’m sure it’s absolutely true that when Edward Snowden worked for the NSA he had the capacity to see some information about New Zealanders,” says Mr Key.

“There’s no doubt that a vast pool of data about New Zealanders, and about every other nationality in the world exists in some form in these NSA databases,” says Mr Gellman.

Yes, says the NSA, there are New Zealnders on their databases.

“My bet is that there isn’t a database about them but there are databases that would necessarily include them on occasion,” says Mr Inglis.

Snowden claims the GCSB can look at these databases with a shared search tool called XKeyscore.

“Very sorry – can’t answer that – general policy not to comment,” says senior spy Alex. “Neither confirm nor deny, I’m sorry.”

So can the American spies search our data? Yes. Do our spies get to look at that information? They won’t say.

Onto Snowden’s third claim – the NSA whistlblower claims the spies have tapped the Southern Cross cable for metadata.

“When you sit on pipes of the internet, when you sit on a fibre optic cable across which every 14 seconds the equivalent of our entire Library of Congress is transmitted, you’re simply going to collect a great big pile of communications on New Zealanders, among others,” says Mr Gellman.

“One of the challenges that modern signals intelligence has is how to grab signals that are no longer in the air but are under the ground or under the ocean,” says Gen Hayden. “Then if you can get access to those kinds of pipes, that is almost always a good thing.”

We’re told by intelligence experts that the landing point of the Southern Cross on Takapuna Beach is a vital interception point for the Pacific and Asia.

“It may be that an ally, and here I’ll have to speak abstractly, it may be that an ally has access to a collection point that we don’t,” says Gen Hayden. “God bless the ally; that’s why friends are good.”

Mr Key admitted that a test probe had been placed on the cable in 2013, probably not underwater but at one of two fortified landing points in something called Initiative 7418.

“The Prime Minister made it clear it was an idea the Government looked at and decided not to proceed with,” says Mr Fletcher. “It was a cyber defence programme that looked at the possibility of looking at data in large amounts for cyber defence purpose.”

Mr Key said the reason Initiative 7418 wasn’t taken any further was concerns it might be seen as mass surveillance.

“It depends how things are seen and what perception would have been,” says Mr Fletcher. “It was for reasons of cyber security.”

Experts we talked to in New Zealand said tapping an entire fibre optic cable, if that’s what they were trialling, would be of limited value for preventing cyber-attacks but perfect for sucking up data for intelligence.

“It was a project,” says Mr Fletcher. “It was an idea. It was looked at from technical feasibility, at the point where the Government reflected on the policy as the Prime Minister said they decided not proceed. That’s the end of it.”

Has the cable been tapped? Yes, they put in a test probe. Are they extracting data from it? The jury is still out.

Security or surveillance?

The US in 2003, in the grip of homeland security fever – in San Francisco an engineer at AT&T, one of the largest telcos in the world, found a strange room – 641a; it didn’t have a door handle.

“Mark Klein was the AT&T employee,” says Mr Gellman. “He made the revelations and said, ‘There’s a closet in the building where I work where the great big feeder cable, across which great volumes of communication pass, is split.’ There’s a splitter. There’s actually a prism.”

That so-called splitter made a copy of everything running through the internet cable. The NSA has never claimed or denied responsibility for that massive tap. So does our GCSB have any?

“Of course I’m not going to get into details of how technology works, but I can absolutely assure you we don’t have backdoor ways,” says Alex. “It’s always with consent of organisations.”

3rd Degree has learned of a high-level technical meeting 18 months ago between engineers from the GCSB and Spark, formerly Telecom. What was on the agenda? Letting the spies get access to the company’s internet exchanges and nodes – effectively their whole network.

“As part of our obligation, obviously we were consulted as to whether this was technically feasible and what our role would be. We said it is technically feasible but it will be difficult.”

Since Spark’s David Havercroft told us that little secret, Spark and the GCSB have been falling over themselves to reassure us it all about cyber defence. That is fair enough. But why then did Alex, joint director of cyber security, know nothing of the meeting?

“I probably won’t, for the boring old reasons of security, get into talks about technology,” says Alex. “It doesn’t surprise me that we work with telcos to help defend them or customers, but the description of us doing this mass surveillance, trying to secretly suck out lots of data and review emails, is just not what we do.

“[I have] no awareness that it took place. It’s not to collect mass data – absolutely not.”

Alex’s boss also says he has no knowledge of the Spark meeting.

“I have conversations with all sorts of people,” says Mr Fletcher. “You shouldn’t be surprised that we talk to telcos and ISPs. I think you’ll find we talk to people about cyber security a lot.”

Again the justification is cyber defence.

“It’s not a smokescreen; it’s a real issue and a really important one,” says Mr Fletcher. “We would be remiss if we didn’t take it seriously.”

There is no direct proof that the GCSB is hovering up the metadata of ordinary New Zealanders, but the cable programme 7148 and the approach to Spark are possible indications that last year it was on the cards and it may be again.

The rise of IS in Syria and Iraq might be a game changer. This morning Mr Key made an announcement about our involvement in that war. With the threat of Kiwi jihadis returning from fighting in Syria, undoubtedly there will be pushes for more surveillance throughout the Five Eyes partnership.

“The issue here might be that, for Wellington and Washington and Canberra and London, the issue here might not be that this is being used malevolently to squeeze liberty, but that it could be used to malevolently squeeze liberty,” says Gen Hayden. “Therefore I only have one antidote – and it’s a tough one for someone with my background – and my antidote is let me show you what I am doing. There’s nothing to be afraid of here.”

That might explain our spies’ decision to open up their doors just a crack and let us in. So now, do you feel your liberty is being squeezed? I guess that is a personal question.