15 August 2019
Alex Harris
Via FYI.org.nz:
[email address]
Dear Mr Harris
Your Official Information Act 1982 Request
1. We refer to your official information request dated 26 June 2019 asking:
…
whether your agency has ever employed ZX Security Ltd, to provide training in social media or open
source intelligence. …..If so, all information relating to, or provided by, ZX Security Ltd in
relation to the above. (
your Request).
2. We also note our letter dated 19 July 2019, extending the time to respond to your Request to
16 August 2019.
3. Our response to your Request is set out below.
Training in Open Source Intelligence
4. The Financial Markets Authority (
the FMA) has not employed ZX Security Ltd (
ZX Security) for the
provision of regular training to its employees. Various FMA staff have however attended training
sessions provided by ZX Security (
2014 Training Sessions).
5. On 18 February 2014, two FMA staff attended a presentation provided by ZX Security. This
presentation was: arranged by New Zealand Institute of Intelligence Professionals; held at Counties
Manukau Police Station; of 90 minutes duration; and related to open source intelligence.
6. On 16 April 2014, 16 FMA staff attended training provided by ZX Security. FMA arranged this training.
It was: held at Auldhouse IT Training Solutions, Three Lamps Centre, 338 Ponsonby Rd, Auckland; of 4
hours duration; each attendee went to a morning or afternoon session; and related to open source
intelligence.
7. Additional to the details above, information we hold within the scope of your request is information
relating to organising the 2014 Training Sessions, and presentation materials and resources provided at
the training.
8. We have considered whether correspondence relating to organising the 2014 Training Sessions should
be made available under the Official Information Act 1982 (
the OIA). We have decided to release it to
you, in part. Some small extracts of the information are being withheld from these documents under
the following provisions of the OIA:
8.1. names and contact details of individuals – pursuant to s 9(2)(a), namely to protect the privacy of
those individuals; and
8.2. a ‘rates breakdown’ of the training costs – pursuant to section 9(2)(b)(ii), namely to prevent
prejudice to the commercial position of the person to who supplied or who is the subject of the
information. (Note, we have released the aggregate charge to the FMA.)
9. The
attached appendix provides a list of the documents, which are being released, including details of
the information that is been withheld from those documents.
10. We have also considered whether ZX Security’s PowerPoint presentation, and resource provided listing
useful websites, should be made available under the OIA. We have decided to withhold this
information in full, under the section 9(2)(b)(ii) of the OIA to prevent prejudice to the commercial
position of the person who supplied the information, namely ZX Security.
11. We consider that the withholding of information as set out above is not outweighed by other
considerations, which render it desirable, in the public interest, to make the information available.
Additional Communication with ZX Security
12. Additionally, we note that in 2016 and 2018, the FMA liaised with ZX Security, regarding the possibility
of further training. The FMA decided not to proceed with further training from ZX Security. We have
not provided this information, understanding it is not within the scope of your Request as it does not
relate to training ZX Security was ‘employed’ to provide.
State Services Commission – Model standards for information gathering associated with regulatory
compliance, law enforcement and security functions
13. Given your enquiry is about training for Open Source Intelligence, we note that on 18 December 2018 a
SSC model standard came into effect for information gathering associated with regulatory compliance,
law enforcement and security functions on. The FMA’s information gathering practices comply with
these standards.
Concluding matters
14. We note you have a right, by way of complaint under section 28 of the OIA to the Ombudsman, to seek
an investigation and review of the FMA’s decision. Information about how to make a complaint is
available a
t www.ombudsman.parliament.nz; or phone 0800 802 602.
15. If you wish to discuss this letter with us, please feel free to conta
ct [email address] in
the first instance.
Yours sincerely
Natalie Muir
Manager, Policy and Governance
#
Type
Date
Title
Information withheld
1
Calendar invite
18.02.2014
NZIIP Open Source Searching & Internet Security
Names of individuals
2
Email chain
4.3.2014
RE: OSINT Training Costs
Names and contact details of
individuals and ‘rates breakdowns’
3
Email
30.04.2014
Re: FMA OSINT Training – ZX Security Invoice
Name and contact details of
individuals
4
Email and
27.6.2019
OIA – re ZX Security Ltd
Names and contact details of
Invoice
individuals
5
Calendar invite
16.4.2014
Open Source Intelligence (OSINT) Training Morning
Names and contact details of
individuals