Project Speargun was the ditched cyber security project
A story from last week worth highlighting:
The Government Communications Security Bureau has tightened its defence over claims of mass surveillance by confirming the term “Project Speargun” was used to describe an abandoned element of a proposed cyber defence system.
American journalist Glenn Greenwald had accused the New Zealand Government of conflating Project Speargun, which he believed was evidence of mass surveillance, with Project Cortex, a project to defend New Zealand institutions from cyber attack.
A GCSB spokesman told Fairfax that Speargun was a code that referred to “a core component of the cyber defence project in its earlier iterations” and which comprised part of an option set out in a Cabinet paper released by Prime Minister John Key on Monday.
“The prime minister decided the Speargun component specifically would not be taken forward,” he said.
Confirmation that Speargun was a term used by the bureau to describe an abandoned element of its cyber defence system is important for two reasons.
On the one hand, it confirms the authenticity of slides presented by Greenwald at the Internet Party’s “moment of truth” event on Monday, which were the first public reference to Project Speargun.
But it provides a relatively innocuous explanation for the seemingly explosive statements those slides contained.
The most intriguing statement in the slides read: “GCSB’s cable access programme SPEARGUN phase 1; awaiting new GCSB Act expected July 2013; first meta data probe mid 2013.”
The terms “cable access” and “probe” suggest mass surveillance, but the slides could be describing the progress of a cyber defence system.
Detecting malware would necessitate inspecting the metadata of incoming packets of internet traffic. In other words, Greenwald’s smoking gun could be a cigarette lighter that looked quite like a gun.
So the moment of truth was a forged e-mail and a cyber-security initiative that was never implemented.