External security consultants inquiry findings
Published : 18 December 2018
A State Services Commission investigation into the use of external security consultants by government agencies has uncovered failings across the public service, including breaches of the code of conduct.
State Services Commissioner Peter Hughes said the system was not operating in a way New Zealanders would expect and has introduced new standards that will strengthen transparency and consistency across all government agencies.
However, the inquiry found no evidence of widespread inappropriate surveillance by external security consultants on behalf of government agencies.
An underlying theme of the inquiry was the balance between a citizen’s right to privacy and the public interest.
“Any decision to use surveillance requires careful judgement,” said the Commissioner.
“It must be lawful, it must be proportionate, and it must be ethical.
“It is never acceptable for an agency to undertake targeted surveillance of a person just because they are lawfully exercising their democratic rights – including their right to freedom of expression, association and right to protest. That is an affront to democracy.”
The inquiry, led by Mr Doug Martin and Mr Simon Mount QC, looked at the use of external security consultants, including but not limited to Thompson & Clark Investigations Limited (TCIL). The inquiry covered 131 State sector agencies, including all public service departments. It looked at whether public servants or contractors may have breached the State Services Standards of Integrity and Conduct (code of conduct).
The inquiry focused on the last 10 years but also looked at events going further back. In total the inquiry conducted over 100 interviews and spoke to officials from organisations outside of State services, including the Office of the Privacy Commissioner, the Office of the Ombudsman, the Inspector General of Intelligence and Security, the Independent Police Conduct Authority the Private Security Personnel Licensing Authority and Archives New Zealand.
The main findings and actions taken by the Commissioner:
1. Southern Response
Southern Response acted inconsistently with the code of conduct from 13 March 2014 when TCIL, on the agency’s behalf, attended and recorded several closed meetings of insurance claimants, and was in breach of the code from 1 January 2015. The recordings were made by a contractor who was not a licensed private investigator, which was potentially unlawful. It was not possible to make findings because the recordings were not retained, also a breach of the code.
The Commissioner has laid a complaint with the New Zealand Police regarding the potentially unlawful recording of the meetings.
Southern Response is a Crown company with a board responsible to shareholding Ministers. The Commissioner has written to the Minister for Greater Christchurch Regeneration and the Minister of Finance outlining his concerns to enable them to consider any action they wish to take.
2. The Ministry for Primary Industries (formerly Ministry of Agriculture and Fisheries)
Two MAF employees undertook secondary employment with TCIL, in breach of the Code of Conduct. Neither of these individuals remain in the public service.
After consultation with the Commissioner, MPI referred the matter to the Serious Fraud Office in March. A full SFO investigation is currently underway.
3. New Zealand Transport Agency (NZTA)
NZTA’s lack of oversight of authorised access to the motor vehicle register, before 2017, breached the code’s requirement to treat information with the level of care expected by the public.
The Commissioner has written to the Minister of Transport requesting that the issue of effective oversight of access to the motor vehicle register be included in the current Ministry of Transport inquiry into the NZTA.
4. Crown Law Office and Ministry of Social Development (formerly Child, Youth and Family)
Crown Law breached the code by providing broad instructions to a private investigator (not TCIL) in a 2007 civil case alleging abuse in state care.
The inquiry found the broad nature of the instructions to the private investigators, without explicit controls to protect privacy interests, breached the Code of Conduct requirement to respect individual privacy and avoid activities that might harm the reputation of the State Services. The Ministry was found in breach at the lower end given Crown Law had the primary responsibility to manage the case.
The Solicitor-General is responsible for Crown litigation and acts independently of the Commission. The Solicitor General has accepted the inquiry’s findings and has undertaken to develop and implement a specific policy about information gathering for use in civil litigation, consistent with the law, the new model standards, and the code of conduct. The Commissioner will be referring the report, in respect of the findings on Crown Law, to the Attorney-General. In relation to the Ministry, because the Commissioner was chief executive at the time, he has referred the matter to the incoming Deputy State Services Commissioner to consider and determine. He has also referred these matters to the Royal Commission of Inquiry into Historical Abuse in State Care and in the Care of Faith-based Institutions for consideration.
5. The Ministry of Business Innovation and Employment (MBIE)
MBIE’s conduct as a whole breached the code of conduct by failing to maintain an appropriate level of objectivity and impartiality that the code requires. MBIE’s management of its regulatory responsibilities in the petroleum and minerals area, through the creation of Operation Exploration, showed evidence of poor regulatory practice.
The inquiry uncovered system-wide failings across the public service, including a pattern of behaviour where public servants developed inappropriately close relationships with TCIL and some evidence of poorly managed relationships with other providers.
The Inquiry looked at TCIL’s reporting to government agencies on ‘issue motivated groups’, which treated those groups as a security threat. Among the groups were Greenpeace, the Green Party, the Mana Movement, and some iwi groups in Northland, the East Coast and Taranaki.
The Commissioner has issued new model standards using his powers under Section 57 (4) of the State Sector Act 1988. These will ensure government agencies do not undertake surveillance or information gathering activity without careful consideration and a consistent process.
The Commissioner has requested assurance from public service chief executives and Crown entity board chairs that their agencies are fully compliant with these standards by 30 April 2019.
7. Thompson and Clark Investigations Limited (TCIL)
The Inquiry was provided evidence that, while contracted by government agencies, TCIL:
- Covertly attended public meetings without disclosing their purpose or the identity of their client
- Produced electronic recordings of some meetings, some of which were closed, without the knowledge or consent of attendees
- Approached public servants, who had access to sensitive information, for secondary employment with TCIL
- Accessed the motor vehicle register for potentially improper purposes. TCIL claimed they were accessing the data for the purposes of assisting government agencies, which is categorically denied by those agencies
- Advised a client not to disclose the source of information obtained inappropriately to the Police
- Likely, provided information obtained by surveillance for private sector clients to government agencies without disclosing the source and nature of the information supplied
- Was not consistent in retaining records of information collected.
The Commissioner has laid a complaint with the New Zealand Police regarding the recording of the meetings.
The Commissioner has lodged a formal complaint with the Private Security Personnel Licensing Authority regarding the use of an unlicensed investigator in breach of the authority’s code of conduct for private investigators.
The Commissioner wrote to the CE of MBIE asking her to consider the removal of TCIL from the Government procurement panel. The chief executive has removed TCIL from the panel.
“While the problem is not widespread, we need to do better. And we will,” said Mr Hughes.
“What concerns me most is that TCIL has treated ‘issue motivated groups’ as a security threat in its reporting to government agencies. I am very disappointed that government agencies did not challenge TCIL on this. That is not consistent with how we should view democratic freedom.
“And it is never acceptable for an agency to use private investigators to undertake surveillance which would be unlawful or unethical for the agency’s own staff to undertake.”
On the issue of TCIL attending public meetings in Christchurch and taking an audio recording of proceedings on behalf of Southern Response, Mr Hughes said it was not right and not the sort of behaviour New Zealanders would expect of a contractor working for a government agency.
“From what I have seen, the decision to record this public meeting was ill judged and poorly managed,” said Mr Hughes.
“The findings point to a pattern of behaviour by TCIL that does not meet the professional standard I would expect of a consultant working on behalf of the Government.
“I have written to the Private Security Personnel Licensing Authority to outline my concerns with Thompson and Clark.”
The new model standards Mr Hughes has issued for government agencies - Information Gathering and Public Trust - sets out minimum expectations on how public servants should gather information for regulatory compliance and law enforcement. The new standards ensure government agencies use their authority to undertake surveillance or information gathering in a way that is lawful. They will improve transparency and strengthen safeguards against inappropriate activity.
There are reasons why it can be appropriate for an agency to undertake surveillance and information gathering. This could include tax evasion, compliance with health and safety standards, or investigating benefit or ACC fraud – especially if a person under investigation is suspected of deceiving or misleading an agency. Sometimes this is the only way to resolve these cases.
Mr Hughes said before undertaking any surveillance or information gathering activity an agency must be clear about exactly what activity it needs to undertake and why and to put in place appropriate oversight.
“All public servants must be vigilant in how they exercise the significant responsibilities and powers entrusted to them by New Zealanders,” he said.
“Using third parties is not a way to contract out of the State Services Code of Conduct – a government agency should expect the same behaviour from contractors working on its behalf, as it does of its own staff.”
The Commissioner has given agencies until 30 April 2019 to develop policies on how they will operate and publish them online. These policies must include clear governance arrangements, and a transparent description of the investigation tools agencies use. They must have independent oversight and include an effective complaints or review process.
“I want to be clear,” said Mr Hughes. “As Head of State Services, I take responsibility for what has happened here. And I will fix it.
“I apologise unreservedly to those individuals whose privacy has been intruded on by state servants or their contractors.”
Media queries: Grahame Armstrong 021 940 457 or firstname.lastname@example.org