Damning report slams police tech oversight after deputy commissioner resignation

Monday, 7 July 2025

Police Commissioner Richard Chambers announced the independent review in May.

An independent review into the use of police technology has found the current systems are “inconsistent”, “inadequate” and “insufficient”.

The review was initiated by Police Commissioner Richard Chambers in the wake of the sudden resignation of former deputy commissioner Jevon McSkimming in May.

Following questions from The Post at the time, Chambers announced he had launched a review to ensure “robust mechanisms” were in place on police devices to prevent “inappropriate use”.

Now, a summary of the results of the independent review - carried out by Bastion Security Group, a computer security company in Wellington - has been released to media. (The full report has “restricted” access.)

Among the key findings of the report are:

Lack of robust filtering mechanisms to consistently prevent access to unauthorised websites;
Insufficient monitoring of internet usage to detect and respond to potential security threats;

The review was initiated in the wake of former Deputy Commissioner Jevon McSkimming’s sudden resignation from the police force.

Inadequate monitoring of user activity;
Insufficient resources allocated to continuous monitoring and incident response; and
Inconsistent enforcement of security policies and procedures.

Bastion noted that due to its very nature, the police manage an “extremely complex technology operation environment”. This means differing levels of security controls were sometimes needed.

At times, the nature of policing may require some employees to access websites that might usually be blocked in corporate environments, the report said.

However, for several years police had been faced with “technical debt” - that is, legacy systems that could be considered for modernisation.

Positive steps were being taken to address these, balanced against the “challenging operating environment” and “competing priorities for resourcing”, Bastion said.

The report concluded that “some weaknesses in internet access controls, unmanaged devices, limited monitoring, and governance gaps within the New Zealand Police”.

In response to the review, Chambers said it was “very clear the current settings are not robust enough and urgent attention is required”.

Chambers said he had made “two decisions immediately”. The first is the reintroduction “as soon as possible” of audits of data and internet usage on police devices.

Six-monthly reviews of staff internet use patterns were paused at the end of 2020 to focus on other “high-priority measures”.

While the regular reports were halted, all web interactions from the police network continued to be logged and pass through a web filter. Police continued to conduct checks on individual devices “if and when issues were raised”.

The second was to initiate an assessment of police-owned standalone devices that operate outside the police network.

“While there are legitimate work reasons for such devices, clarity is needed around the oversight of them,” he said.

Chambers had requested a plan to consider the review’s recommendations and address the key issues “quickly”. Further decisions were expected within the month.