Deployment of Deep Packet Inspection Systems and associated costs

B M Murrah made this Official Information request to Government Communications Security Bureau

The request was refused by Government Communications Security Bureau.

From: B M Murrah

Dear Government Communications Security Bureau,

Under the Official Information Act 1982 I request information and documentation relating to the following:

1. Confirmation of the deployment of Deep Packet Inspection systems via infrastructure providers, including Chorus, following the passage of the TICS legislation.

2. Specific confirmation whether a Deep Packet Inspection system has been deployed in the Dunedin central exchange area via Chorus.

3. Costs to date re-imbursed to providers, including Chorus, for the installation of Deep Packet Inspection systems to comply with TICS legislation requirements.

Yours faithfully,

Beau Morgan Murrah

Link to this

Alex Harris left an annotation ()

This will be interesting. The "cybersecurity" function (which would presumably be the justification for such a deployment) is only tangentially related to national security, and so they may not be able to rely on s6(a) to refuse requests.

Link to this

From: Information
Government Communications Security Bureau

GCSB acknowledges receipt of your request and will respond within the statutory deadlines.


show quoted sections

Link to this

From: Information
Government Communications Security Bureau

Attachment 2014 03 12 OIA Request Beau Murrah Response.pdf
833K Download View as HTML

Please find attached the response to your OIA Request.



show quoted sections

This email has been filtered by SMX. For more information visit


Visible links
1. mailto:[email address]

Link to this

B M Murrah left an annotation ()

As you can see above, today I received a refusal based on s6(a) that it would prejudice the security or defence of New Zealand or the international relations of the Government of New Zealand.

I am considering reviewing the first part of my request- just to know whether at all they have been deployed. My second question was admittedly cheeky and based on a widely circulated rumours that such a system has been installed in Dunedin.


DPI systems are already in wide use by ISPs in Canada, the United States, and United Kingdom. To a certain extent these have been well documented. For a start, their existence would not seem in anyway to prejudice our international relations given the climate of awareness around this issue/it would not exactly be a revelation.

I would challenge the idea that merely knowing whether they have been deployed would threaten our security in anyway- anyone that would possibly threaten our national security would already know or likely assume they are being deployed.

This issue concerns me as a citizen in Dunedin with lofty hopes of starting an ICT business here and conducting research for which privacy is important. Its of interest to my (and our communities) democratic participation through the internet- knowing more exactly what infrastructure is possibly affecting it- and I just think we have a right to know in this respect.

Any advice on how to write/frame a review to the ombudsman?

Link to this

Things to do with this request

Government Communications Security Bureau only: