Netsafe welcomes ‘funding changes reversal’

There was "a perceived attempt by the DIA to prioritise its own interests over Netsafe’s essential services" - Netsafe CEO Brent Carey. Photo / Michael Craig

In a tight year that has seen many tech-related agencies face knockbacks, Netsafe is celebrating a win. The independent, non-Governmental agency has rebuffed an effort - framed by some as a Department of Internal Affairs powergrab - to put it under the DIA’s thumb. Netsafe also gained access to new funding in Budget 2024.

Midway through last year, then Public Service Minister Andrew Little put a plan to cabinet that would up-end Netsafe.

As Netsafe chief executive Brent Carey would later describe it in letters to incoming Justice Minister Paul Goldsmith and Education Minister Erica Stanford, “At the end of the last parliamentary term, the previous Government made a knee-jerk decision to transfer Netsafe’s funding contracts [with Justice and Education] to the Department of Internal Affairs and for this to take effect in July 2024. ‘

“We understand this decision was collateral damage resulting from a broader piece of work to align cybersecurity work across government, and a throwaway comment related to cyber safety, without any benefits analysis or consultation with Ministry of Education, Netsafe or school communities.” (The “throwaway comment” line was a reference to Little’s cabinet briefing paper, which focused primarily on a push to roll Cert NZ into the GCSB, with only passing reference to Netsafe - even if it resulted in a recommendation for funding upheaval).

The plan was approved. This week - just days from its implementation deadline - Carey told the Herald the funding decision had been reversed. Netsafe is applauding the move.

The changes would have been unnecessarily disruptive, damaged long-held relationships and affected Netsafe’s ability to deliver online safety essential programmes and initiatives in the justice and education sectors, Carey said.

“Concerns had arisen since July 2023 regarding the handling of Netsafe’s government contracts and a perceived attempt by the DIA to prioritise its own interests over Netsafe’s essential services,” he added.

Those concerns were voiced by Netsafe allies including retired District Court Judge and cyberspecialist David Harvey. Netsafe is an independent non-profit, if largely Crown-funded as the approved agency for the Harmful Digital Communications Act (HDCA) and a lead for cybersafety education in schools. Putting the agency “under the eye of the DIA” could raise freedom of expression and independence concerns.

“One of the major principles behind the HDCA was to keep its administration separate and distinct from the state,” Harvey said. He saw it as a concern that the DIA was, in his view, trying to expand the scope of its interests and operations and put Netsafe under its thumb.

And in terms of practical funding concerns, it made more sense for Netsafe to have a contract with Justice, which is responsible for the HDCA, Harvey said.

“As an independent charitable organisation, Netsafe plays a critical role in the online safety ecosystem. We ensure the public can seek out independent support without necessarily having to talk to the Government or NZ Police,” Carey said.

“One of the major principles behind the HDCA was to keep its administration separate and distinct from the state,” says retired judge and cyberspecialist David Harvey. He saw it as a concern that the DIA was, in his view, trying to expand the scope of its interests and operations and put Netsafe under its thumb. Photo / Jason Oxenham

Little said earlier he wanted a Cert NZ (and in the fine print, Netsafe) shifted under other agencies because, “The current system is fragmented, creating a ‘merry-go-round experience for business victims’ of cybercrime.”

This week, Carey said, “We are the front door for the public for online harms and scams. We operate a ‘no wrong door’ that ensures any reports if not handled by us or better handled elsewhere are directed to the right organisation.” At the same time, the Netsafe boss has called for a national anti-scam centre for a coordinated response to online fraud.

DIA responds

The Herald put Carey’s comments to Internal Affairs. A spokesperson replied: “Consolidating Netsafe’s funding arrangements within the Department of Internal Affairs aimed to simplify contracting arrangements with Netsafe across government. The decision to consolidate and shift Netsafe funding arrangements to DIA was made by cabinet. All funding and contract management was done independently from our own digital safety functions, and all funding for Netsafe contracts remained ringfenced for their work.

“DIA’s goal, regarding digital safety, is for the reduction of online harm and a safer online environment for all New Zealanders, regardless of how it’s achieved.”

Netsafe access to new funding

Netsafe had total revenue of $5.7 million in FY2023 (and total expenses of $4.9m), according to its latest Charities Register filing. Major funding came from its contracts with the Ministry of Justice (for its work as the lead agency for the Harmful Digital Communications Act) and the Ministry of Education (for its work with schools) but the non-profit also taps corporate and philanthropic sources.

This year’s Budget opened the door to additional resourcing, with $22.5m earmarked for new digital services funding for schools in 2024/25, followed by similar amounts each year through to 2028, spread across Netsafe (for cybersafety training), Network for Learning (N4L, the Crown agency that helps schools with broadband and networks, which will get equipment replacement funds), Microsoft (for software licensing) and Google (ditto). Carey said it had yet to be resolved how the funding would be spread across the various parties.

DIA cuts

Internal Affairs, meanwhile, is losing 22 roles from its digital safety and anti-money laundering teams (as part of its 7.5 per cent cut that saw a total of 76 jobs eliminated). The department also runs the Digital Child Exploitation Filtering System, installed at NZ’s major internet service providers. The Public Service Association called the cuts “reckless” and said they would expose more New Zealanders to offensive or extremist material, and make people more likely to be scammed.

Internal Affairs Minister Brooke van Velden said earlier the DIA had assured her it would be able to meet “the same service delivery” as currently expected after the job cuts. Many of the roles were already vacant through attrition.

Meanwhile, Cert NZ director Rob Pope departed in the New Year (to WorkSafe) after his organisation - which provides “triage” support for individuals or small businesses hit by a cyberattack - was moved under the GCSB’s National Cyber Security Centre (NCSC). The final shape of the restructure is still not clear.

Carey said, “Any loss of roles dedicated to fighting internet-related crime will be felt by the whole internet safety ecosystem. We await to see what the Government’s plans may be for any movement of people and functions closer towards the Justice sector over the coming year”.

Acting Internal Affairs Minister David Seymour : "Moving to a simpler, flatter structure to avoid duplication." Photo / Michael Craig

Seymour responds

Acting Internal Affairs Minister David Seymour ignored Netsafe’s snipe at the DIA,

But on the issue of DIA cuts, he said: “The levels of spending this government inherited simply weren’t sustainable, our priority is restoring balance to government spending.”

Seymour added: “The Minister’s priority is removing the worst of the worst online harmful content, such as child sexual exploitation. One role is being disestablished within the Digital Child Exploitation team, while the remaining 11 members of the team will continue to provide the same level of service delivery. With the new deal signed with the Internet Watch Foundation we expect the number of blocked websites to increase from 700 to 30,000 on any given day.

READ MORE: All about the pouch: Principal goes from sceptic to support of mobile phone ban

“The AML/CFT [Anti-Money Laundering and Countering Financing of Terrorism] directorate is moving to a simpler, flatter structure to avoid duplication - such as combining the teams as they are not large enough to justify having separate managers each.

“The focus will be on the delivery of core regulatory compliance and enforcement actions and lifting AML/CFT regulatory capability, and to work in collaboration with the proposed centralised functions to regulate the sector.”

Education Minister Stanford wouldn’t comment on the thwarted Netsafe shift to the DIA, saying it was an operational issue. Goldsmith could not be immediately reached for comment.

Mismatch

Harvey also welcomed the reversal.

“It was a mystery why the arrangements were changed and the DIA should be put in charge of future funding,” he told the Herald earlier this week.

“It seemed a mismatch, especially given the DIA’s involvement with the Safer Online Services and Media Platforms proposals and with the censorship regime under the Classifications regime. It seemed that there was a move to centralise the various elements of control of content in the digital space.

“The return to the original funding model is far more in line with Netsafe’s dual missions as educators and as the approved agency [for the HDCA].”

A ‘redoubling’ after DIA ‘pull-back’

Last month, a DIA plan - first put forward last year in its “Safer Online Services and Media Platforms” discussion paper - proposed creating a new online content regulator, at arm’s length from the Government. Last month, that plan was scrapped.

“With the DIA’s online safety operations pulling back with the loss of digital safety roles and termination of its Safer Online Services and Media Platforms experiment, Netsafe can now redouble its efforts in delivering vital online safety services for what is already illegal under the Harmful Digital Communications Act,” Carey said.

“Our focus remains minimising harm on social media platforms, addressing mental health challenges in the digital age and running New Zealand’s busiest free public online harms and scam helpline.”

Netsafe says it handles more than 28,000 reports on average per year, with resolution within 15 days.

Carey says that compares to the DIA’s digital safety group at 10,382 matters (excluding spam), Cert NZ NZ’s 8,160, and the Banking Ombudsman’s 4732. This demonstrates continued value for money for government when outsourcing work to the charity and private sectors for helpline, harm prevention and consumer protection, he says.

Chris Keall is an Auckland-based member of the Herald’s business team. He joined the Herald in 2018 and is the technology editor and a senior business writer.