WELLINGTON, New Zealand — A watchdog office said Wednesday that New Zealand spied for years on its South Pacific neighbors and passed collected information to the U.S. and other allies.
But the watchdog overseeing New Zealand's spy agencies did not recommend any changes after concluding the spy agency, which collected the data, was acting within the law.
The report released by Cheryl Gwyn, the inspector-general of intelligence and security, found that the Government Communications Security Bureau (GCSB) collected bulk data from satellites from South Pacific countries between 2009 and 2015.
Gwyn found that some of that data was shared with spy agencies from New Zealand's "Five Eyes" allies: the U.S., Canada, Britain and Australia.
The inspector-general's report was prompted by documents leaked by former U.S. National Security Agency contractor Edward Snowden, which indicated the GCSB was collecting data in the South Pacific.
That led to complaints from some New Zealanders worried that their private communications might have been intercepted. Gwyn found no evidence that had happened. Still, her report shines some light into the typically secretive world of spying.
Gwyn's report does not name any specific countries that the GCSB collected data from, and doesn't address whether the spying continued after 2015. Gwyn noted that for legal reasons, she wasn't able to mention everything she had found out, including disclosing information that might compromise the ongoing performance of an intelligence agency.
Gwyn found in her report that some Pacific nations are dependent on satellites, rather than undersea cables, to connect with the rest of the world and that information can be intercepted from satellite links.
She said there were laws in place that enabled the GCSB to collect such signals to protect New Zealand's interests in the South Pacific, and she found no evidence that the bureau had operated beyond the law, except inadvertently in a couple of instances, which were identified and then fixed.
Gywn noted that the GCSB was legally required to destroy data it had collected that wasn't directly relevant to its particular mission. But she noted that when data was forwarded to partner agencies, it meant the GCSB was reliant on those other agencies to apply restrictions and controls.