Mr Key said that when he issued warrants under the cyber-security function in the future, he did not intend the GCSB to access the content of New Zealanders' communications, including email, in the first instance.
But if a serious cyber intrusion was detected against a New Zealander, he would expect the GCSB to return to make the case for a new warrant to access content, and with the consent of the New Zealander.
"The Prime Minister and Commissioner of Security Warrants may impose any conditions they wish in a warrant," said the statement issued by a spokesman for Mr Key. "[He] intends, under cyber security warrants, to not allow the GCSB to access the content of New Zealanders' communications, including emails.
"If a serious cyber intrusion was detected against a New Zealander, the Prime Minister would require the GCSB to return and make the case to apply for a new warrant to access content, only where the content is relevant to a significant threat.
"In that warrant application, the Prime Minister would also expect the GCSB to seek the consent of the New Zealander involved, unless there were very good reasons not to do so."
Mr Key made the statement in response to questions about his fired-up appearance on Campbell Live on Wednesday night. In the course of the interview he said incorrectly that under the bill, the GCSB would not be allowed to look at the content of communications when conducting their cyber-security functions.
In fact, there is nothing that prevents it from doing so. But what Mr Key is now saying is that in exercising his power to impose any conditions he wants on a warrant, he will use his discretion to set the default position not looking at content in the cyber-security function.
Under the bill, the GCSB has three functions: its traditional one of collecting foreign intelligence, and it is not allowed to spy on New Zealanders under that function; assisting the SIS, the police and Defence in conducting duly warranted interceptions, which it has been doing already under dubious legal authority; and its cyber-security function.
Until now its cyber-security function job has been to protect government communications only from attack, but it will be extended to private-sector cyber systems if they are important enough to New Zealand.
Last night's statement also said the Inspector-General of Intelligence and Security would independently oversee the execution of warrants.
The bill is expected to pass its committee stages and third reading next week with a one-vote majority.
How it would work:
Cyber security today
Under the present law, if the GCSB detected an intrusion into the IRD cyber system, it could track its source if it were overseas, or if it were from the computer of a foreigner in NZ but not if it were from the computer of a Kiwi.
Cyber security tomorrow
Under the proposed law, if the GCSB detected an intrusion into the IRD cyber system it could track its source whether abroad, without a warrant, or in NZ with a warrant, which John Key says would not access the communications' content. If the Kiwi's computer was suspected as being an unwitting host of a remote attacker abroad, the GCSB would alert the Kiwi to get permission to access his or her computer content. If a person was suspected of being involved in the attack, the GCSB would get a warrant to look at the content.
