The New Zealand Security Intelligence Service (NZSIS) has inked an agreement with Immigration New Zealand to hold a copy of all information supplied by incoming travellers.
The agreement, released by both parties on their websites, was shown to the Office of the Privacy Commissioner and the intelligence watchdog Brendan Horsley. A spokesperson for the Privacy Commissioner said they couldn’t share their views.
“We were consulted by NZSIS, MBIE and the DIA as required under the Intelligence and Security Act, as was the Inspector General’s Office,” the spokesperson said.
An NZSIS spokesperson told Newsroom the agency has a number of safeguards built into its activities.
“The NZSIS accesses and uses data and information in accordance with a range of rigorous legal, human rights, privacy and policy considerations. Overlaying all work the NZSIS does is the concept of necessity and proportionality – ensuring all information collected is necessary for the performance of its functions and that the activity (including any impacts on privacy) is proportionate to the purpose,” they said.
“Furthermore, everything we do is subject to robust oversight by the Office of the Inspector-General of Intelligence and Security. All new or amended direct access agreements must be consulted with both the Inspector-General and the Privacy Commissioner.
“Direct Access Agreements were enabled by the 2017 Intelligence and Security Act, so intelligence agencies could use information gathered by other government departments where needed with the permission of their respective ministers. The immigration agreement, signed in October, details access to two key databases of traveller information.
One, the Advance Passenger Processing (APP) database, contains the name, date of birth, gender, nationality, passport number and passport expiry date of all passengers and crews entering or leaving New Zealand, including citizens and permanent residents. The other, the Electronic Travel Authority (ETA) system, holds information about passports, contact details, prior criminal convictions and visa details for non-citizen travellers from visa waiver countries.
The agreement requires the Ministry of Business, Innovation and Employment to provide all APP and ETA information to the NZSIS “in a timely manner”. These copies of the databases are stored on the intelligence agency’s Top Secret network and deleted after 10 years.
The NZSIS will only access the data if an entry is automatically matched against an existing agency record or for specific manual searches to “complete simple leads resolutions; assess the level of security threat (if any) posed by the individual; and identify how to engage with INZ or other agencies regarding the security threat”.
Information about people aged under 16 will automatically be excluded unless the user has written approval from an NZSIS manager.
When asked whether a full copy of each database was needed to enable this access, the agency spokesperson said it was.
“Datasets that have been integrated into the NZSIS system have only been done so to allow them to be used in a specific way that could not be achieved if they were in isolated systems. Datasets can only be accessed by a limited number of individuals who require access for their specific role, and who receive training on their obligations. We are confident that we approach our collection, handling and management of direct access information in an appropriate manner.”
The NZSIS system will create a record of each time the data is accessed, according to the agreement, containing the related project, the reason for the search and the identity of the user.
The agreement replaces a previous direct access agreement with Immigration NZ which was signed in March 2017.
Other agreements have also recently been updated.
The NZSIS has access to the Birth Death and Marriages (BDM) and Citizenship databases run by the Department of Internal Affairs, according to a renewed agreement also signed in October.
Instead of holding a copy of the data, the NZSIS can use dedicated terminals to access the information and copy specific entries to the agency’s network. This data is used for a broader range of functions, including the granting of security clearances.