It is unlikely New Zealand would have Chinese-owned surveillance technology installed in Government buildings, as has been uncovered in Australia.
Andrew Little, the minister responsible for the New Zealand Security Intelligence Service and Government Communications Security Bureau, told the Herald the likelihood of such a discovery in New Zealand would be “very low”, given the security guidelines government departments must adhere to.
A recent news report from Australia detailed how almost 1000 Chinese-owned cameras and other recording devices – some of which have been banned by the United States and the United Kingdom – were found to have been installed across 250 different Australian government building sites, including a number of defence and military-associated spaces.
Deputy Prime Minister and Defence Minister Richard Marles said it was important the issue had been brought to their attention, but claimed it was important not to overreact.
“We’re doing an assessment within Defence into where those cameras exist, and when we’ve gone through that process we’ll obviously remove [them].”
Liberal Party spokesman for cyber security James Paterson said the Hikvision and Dahua cameras should be urgently removed, noting both companies were part-owned by the Chinese Communist Party.
The companies were reportedly subject to the Chinese National Intelligence Law, which required them to hand over data if requested by Chinese intelligence agencies.
Little said he was not aware of any surveillance cameras originating out of China operating around New Zealand’s Parliament or other sensitive facilities, and didn’t know of any assessments undertaken similar to what had been initiated across the ditch.
“Any gear that is recording and storing information in the name of the Government is carefully checked anyway to check for integrity and what have you, so I would doubt that we would have gear that poses a risk installed by Government departments or on behalf of Government departments in their facilities.
“The level of awareness and I think compliance is very high, I think the risk of a similar thing happening in New Zealand is very low.”
Andrew Little, the minister responsible for the New Zealand Security Intelligence Service and Government Communications Security Bureau. Photo / Michael Cunningham
Little, also the Defence Minister, endorsed the response from his Australian counterpart.
“We don’t know what the extent to which [the surveillance technology] was networked into anything beyond just recording what was happening in the particular facilities, so it’s really hard to evaluate what the risk is.
“I’d be surprised if the Australians hadn’t done anything other than a pretty thorough risk assessment before installing that kind of equipment but in the end, that will be a matter for them and when they undertake their audit, they’ll no doubt discover what did and didn’t happen.”
In his time as the relevant minister, Little said he had sent reminders to department heads when compliance standards appeared to be slipping. Annual evaluations were carried out to assess adherence to security guidelines.
“[The SIS] has gone to a lot more effort to make sure that the heads of our departments and agencies are aware of their obligations and hold them to it.”
The Government Communications Security Bureau published the New Zealand information security manual, which provided mandatory information security advice and guidance for government agencies and departments.
A GCSB spokesperson said the manual was “product-agnostic”, but added all Government agencies and departments were required to undertake a risk assessment as part of the decision process to purchase any technology used on their networks.
“Specific product selection is primarily a matter for individual agencies, provided those products meet the guidance and policy requirements of the NZISM and other requirements such as those set out in the overarching New Zealand government security Protective Security Requirements,” the spokesperson said.
Take your Radio, Podcasts and Music with you