The SIS did not intend to mislead the New Zealand public over the jihadi brides controversy, but was not in a position to reveal the details when the story broke , its director says.

Photo: RNZ / Diego Opatowski

Director Rebecca Kitteridge said the Security Intelligence Service (SIS) could not reveal the women travelling to areas controlled by Islamic State (IS) in the Middle East had left from Australia, not New Zealand, at the time.

"... because the information about the women had come from a partner agency and we didn't have permission to release that information at the time," she said.

"But when I got the Official Information Act request subsequently we asked for permission from the agency - the partner agency - to release the information that the women had left from Australia, and it took some weeks to get that permission - and when we did we released it."

The controversy arose when Ms Kitteridge said during an Intelligence and Security Committee in December last year that New Zealand was seeing an increase in the number of women travelling Islamic State-controlled areas, possibly to become "jihadi brides".

It then emerged in March that the women, who had been discussed as a security risk to New Zealand, had not left from New Zealand, but were New Zealand citizens living in Australia and had left from there.

Prime Minister John Key was subsequently accused of misleading the public and scaremongering to suit his own political agenda.

Labour leader Andrew Little said at the time that the government "have deliberately and calculatedly created an impression that simply wasn't correct, that is there was a security risk that simply didn't exist".

Ms Kitteridge stood by the decision to discuss the risk posed without disclosing that they had not left from New Zealand.

"Well, I do understand that the media is interested in the local story but that wasn't the focus from my point of view as director," she said.

"The security concern is the fact that New Zealand citizens are in an ISIS-controlled part of the Middle East and potentially could return here."

Ms Kitteridge said the women were discussed in the context of a domestic security threat because of the risk of them returning to New Zealand from the Middle East, and her focus was also on the women themselves as New Zealand citizens.

"And the reason why that's the issue is that we as a country have responsibility for our citizens, both in terms of their own safety and in terms of whatever activity they might be up to," she said.

"The evidence across the board is that women are used in terrorist attacks, or they may be working to radicalise others online, so there was a concern both for their own safety and for any illegal activity they might be doing as New Zealanders that could be damaging to the international security and damaging to the reputation of New Zealand.

"So that was absolutely my focus, and that was the basis on which I had advised both our minister and the prime minister."

Privacy fears - unwarranted?

Ms Kitteridge also addressed concerns raised about a Privacy Act exemption that allowed agencies to access personal information from private companies and public sector agencies.

Under that exemption, the SIS and GCSB can obtain or request personal data.

Sir Michael Cullen, who carried out a recent review of the spy agencies, has previously said the current rules meant both agencies had almost unrestricted access, as they did not need a warrant and did not have to report the information they collected.

Ms Kitteridge said the public could be assured data was only used for specific purposes, and was subject to oversight.

Dr Cullen has also highlighted another area, that is to give the intelligence agencies explicit authority to directly access certain government databases.

He gave the example of immigration, so agencies could run passenger airplane lists through a database, for example those designated as terrorists, to pre-emptively check for any potential threat before those passengers arrive in New Zealand.

However, Ms Kitteridge said companies and organisations were under no obligation to hand over the information.

"And it has to be for the purpose of our statutory functions, it can't be beyond that, so the functions are set out in the act and all of this is subject to oversight from the Inspector-General and her office.

"They don't just look at our warrants, they're able to look at any of our investigations and see whether they are being properly conducted."

"So if there were any abuse of that power or that function of receiving and holding information then I'm sure that would be of concern."

Ms Kitteridge said one example of when personal data might be requested was when the government needed to determine someone's citizenship status.

"There's an increasingly strong compliance framework and culture within NZSIS and people are really careful about how information is requested and used.

"People are very aware of the responsibility and the privilege of accessing personal information and that it is not something that is done lightly."