A new examination of previously published affidavits from the Government Communications Security Bureau (GCSB)—the New Zealand equivalent of the National Security Agency (NSA)—appears to suggest that the GCSB used the “Five Eyes” international surveillance network to capture the communications of Kim Dotcom, the founder of Megaupload.

The new analysis was posted by New Zealand journalist Keith Ng in a Thursday blog post. If the link proves to be true, it would seem that the NSA’s vast international surveillance capability can be turned against individuals unrelated to the NSA’s stated mission to aid military, counterintelligence, or counterterrorism objectives.

Kim Dotcom has been charged in the United States with copyright infringement rather than terrorism or any other violent crime. The German-born entrepreneur is currently fighting extradition from New Zealand to the United States. Separately, he has launched a civil suit in New Zealand against the GCSB for what the New Zealand government has already admitted was unlawful surveillance.

REL TO NZL, FVEY

On Page 21 of the GCSB’s Affadavit of Disclosure (PDF), in an internal e-mail dated February 17, 2012, the document is marked: "TOP SECRET//COMINT//REL TO NZL, FVEY."

The last section of that classification (REL TO NZL, FVEY)—“Relevant to New Zealand, Five Eyes”—refers to the vast intelligence and data sharing program between the United States, the United Kingdom, Canada, Australia, and New Zealand, known as “Five Eyes.” Given new disclosures about the capabilities of PRISM and XKeyscore as a result of the documents provided by former NSA contractor Edward Snowden, a close examination of this affidavit seems to suggest that the Five Eyes infrastructure was used in Dotcom’s case. (In a slide published last month by The Guardian, XKeyscore is clearly shown to have a presence in New Zealand.)

The affadavit also provides a redacted list of “selectors” for Kim Dotcom, his wife Monica Dotcom, and Bram Van Der Kolk, one of Dotcom’s co-defendants.

“We intercepted [REDACTED] from the first two selectors on the list," the document states. "Obviously only a small fraction of them were used in the reports that were generated. We had no [REDACTED] collection on Dotcom, and I’m advised we saw a little [REDACTED] none of which was used in reporting.”

“All Five Eyes partners have access [to the NSA's systems], including GCSB,” Dotcom told Ars. “GCSB doesn’t even operate their own spy cloud. Everything goes into the US-based spy cloud. Including all the surveillance they have done on me. They typed in the selector and got access to everything the Five Eyes spy cloud had on me. Then the GCSB started real-time surveillance of all my communications, IP, mobile, etc. and was feeding that into the spy cloud.”

Neither the GCSB nor a spokesperson for the Embassy of New Zealand in the United States immediately responded to Ars’ request for comment. In June 2013, New Zealand Prime Minister John Key evaded answering whether the GCSB uses or has access to the NSA’s PRISM system.

"I can't tell you how the United States gather all of their information, what techniques they use, I just simply don't know,” Key told TV3’s Firstline. “But if the question is do we use the United States or one of our other partners to circumvent New Zealand law then the answer is categorically no. We do exchange—and it's well known—information with our partners. We do do that. How they gather that information and whether they use techniques or systems like PRISM, I can't comment on that.''

"What was done was illegal"

As we reported in March 2013, a New Zealand appeals court ruled (PDF) that Kim Dotcom has the right to sue the government of New Zealand for illegal surveillance. As we reported further last year, the NZ government admitted after the fact that Dotcom should not have been subjected to government surveillance due to his having obtained permanent resident status.

According to new documents acquired earlier this year by a New Zealand TV channel, the GCSB already had information as of December 16, 2011 (before the January 2012 raid) showing that Dotcom was a permanent resident of New Zealand and that the agency knew Dotcom should not have been targeted at all. Interestingly, the documents also show Dotcom’s government code name: “Billy Big Steps.”

Still, Ira Rothken, Dotcom’s California-based attorney, seemed to be a bit more cautious about drawing any new implications from the NZ affidavit.

“We’re in the process of litigating a civil case that implicates the New Zealand government for their illegal spying,” he told Ars. “At this point, while we have a healthy appreciation for whatever informal analysis is being done, our goal in this case is to actually get the information directly from New Zealand government sources. I don’t want to prejudge the very thing that we’re litigating now.”

Still, Rothken seemed to indicate that it was within the realm of possibility that Five Eyes was turned against Dotcom illegally.

“I think it’s axiomatic that New Zealand has access to the Five Eyes infrastructure because it’s a member of Five Eyes and it has network points in New Zealand, including a large installation in New Zealand,” he added. “I think that that’s common knowledge. We know that the spy machinery was misused because what was done was illegal. The interesting thing about this case is that it shows how not having sufficient checks and balances against the spy machinery can come back to hurt and impact the rights of innocent residents. Here, the Prime Minister has already apologized and admitted that what happened was illegal. We are litigating for what damages and remedies should be provided.”

Mark Rumold, a staff attorney at the Electronic Frontier Foundation, said that it wasn’t clear how much New Zealand authorities obtained via the NSA.

“It would all be dependent on New Zealand law,” he told Ars. “There’s nothing in here that looks like a slam dunk. It doesn't seem like it’s outside the realm of possibility, but if everything is based on a single classification, it seems possible.”

Meanwhile, NZ expands GCSB spying domestically

At the time of the surveillance against Dotcom, the GCSB was only allowed to engage in surveillance of non-resident foreigners. However, earlier this week, the New Zealand parliament voted 61-59 to expand the GCSB’s powers to encompass citizens and legal residents.

"This is not, and never will be, about wholesale spying on New Zealanders," Prime Minister John Key told parliament on Thursday. "There are threats our government needs to protect New Zealanders from. Those threats are real and ever-present, and we underestimate them at our peril."