The tourist complained to Te Papa. They initially tried to fob him off, but eventually he got through to someone and those sites were removed from the filter. A good outcome, right?

Not So Simple

This incident raises a number of questions:

• Why is Te Papa filtering what people see on the internet?
• What type of content is being blocked?
• Who chooses which types of content to block?
• Finally, why are they using software that flags a German political website as "Pornography (Japanese)"?

Click on the image to see it fullsize.

Why censor internet access?

We spoke to Te Papa but they couldn't tell us why they felt the need to censor their wireless. They did know that they blocked file sharing protocols to reduce internet traffic but couldn't tell us why they were blocking some websites. We'd understand if Te Papa wanted to use some censorware on internet terminals available to children, but their filter goes far beyond that.

Are they worried that people will somehow download banned material? It's not their responsibility and it's not like they're monitoring phone calls to make sure people don't have illegal conversations.

Are they worried that people will browse offensive material (pictures/video) in a public place and annoy others? An increasing number of their guests have smartphones and "bring their own internet" and someone could as easily watch a porn DVD on a portable player. In any of these cases, it would be a simple matter of asking them to stop.

We reject the idea that internet providers (for that is what Te Papa is doing by providing free wireless) are in any way responsible for what an internet user does with that connection, in the same way that they aren't responsible if someone uses Te Papa provided water or electricity.

Te Papa's Filter

Te Papa could tell us that they are using internet filtering supplied by their internet service provider, Telstra Clear, but they had very little idea about how it works.

• They don't know why they're blocking some types of content.
• They don't know what type of content is being blocked.
• They don't know who decides what to block and what criteria they use.
• They don't really want to find out, saying that they're "happy for them [Telstra Clear] to make the decisions".

Any museum and art gallery is surely aware of issues around censorship and free speech, Te Papa itself has been involved in certain controversies about what should be shown and to who. Why has Te Papa chosen to censor the internet with so little thought about why and how? As our visiting tourist put it:

Seeing this happen at Te Papa, a flagship of the capital, tells me something about democracy and the importance of free speech and human rights in NZ.

Our view

We tend to side with the visiting German tourist - it's inappropriate for a place like Te Papa to be censoring the internet.

We suggest that worries about people accessing "bad material" over public internet are overstated. Any inappropriate behaviour (e.g. viewing internet pornography in a public place) can be solved by asking them to stop.

If an organisation decides to press on with censorship anyway, it would seem at a minimum that they should:

• Be able to tell people what sort of material is blocked and why they're doing it.
• Have a process for deciding what to block.
• Provide an easy way to appeal any incorrect blocking.
• Not use software that is as badly written as that used by Te Papa and TelstraClear.

Of course, once you look at all that, doesn't it just seem easier to let people have unconstrained internet access in the first place?

The Digital Child Exploitation Filtering System is New Zealand's internet filter, run by the Department of Internal Affairs. If you're with one of the participating internet service providers you can't access the content on the blacklist. It's meant to only be used to block images of child sexual abuse (and “think of the children!” gains buy-in very effectively), but unlike other censorship decisions which must be released, the list and process is secret, so no one really knows what's blocked, and overseas experience dictates that filters rarely work as first stated.

Apart from the secret list, and the secret processes around the list, the filter is meant to be open and transparent. Here's a quote from the February 2010 Independent Reference Group minutes:

“The Group suggested that the Department publish as much information about the system as possible. This would include regular statistics and a copy of the presentation [in the presentation given to the IRG, the operation of the filtering system, the compilation of the filtering list, and the appeal process was explained].”

The presentation never made it to the DIA website, so I requested it. Sticking with the trend of being a complete mess in regards to keeping records, they have lost it.

Here's a similar Powerpoint they sent, shown at the NetSafe Conference in April 2010 (pdf).

To encourage some additional transparency, I submitted an Official Information Act request last month, along with Joshua Grainger. If you'd like to see the full responses, they're here and here (pdfs).

Scope of the filter

From the February 2010 minutes:

“The Department has no intention to expand the scope of the filter beyond child sexual abuse images and has entered into a contractual agreement with the system’s supplier that it not do so.”

From the letter to ISPs advising them of the filter's availability (pdf):

“The Department recognises that, to ensure public confidence in the DCEFS, the scope of the system must remain on child sexual abuse material and its operation must be open to scrutiny. Accordingly, the Department's contract for the use of the software that supports the DCEFS constrains its use to filtering to child sexual abuse material.”

From the Common Questions and Answers page:

What assurances are there that the filter will not in future be extended to block content other than that intended?
The Department’s contract for the use of the software that supports the DCEFS constrains its use to filtering child sexual abuse material.

I requested the section of the filter contract that discusses the limitations of the filter (the DIA refuse to provide the full contract). I received a summary of it:

“While the Department has previously refused to release the whole contract with Netclean, it has referred to clauses in that contract as one of the reasons why the scope of the filtering system can't expand. The following is a summary of the relevant conditions of the Customer Licence Agreement.

• The primary goal of the NetClean Whitebox is to block access to child pornography.
• In order to achieve the main objective, NetClean allow that even non-child pornography is filtered, as long as it is material which is illegal to possess under the country's law and that the main objective for the installation is to block access to child pornography.
• The filter must not be used to restrict freedom of expression, nor to prevent the transmission of information which in itself is legal to possess.
• Furthermore, the installation of NetClean Whitebox must not violate the articles 18 and 19 of the Universal Declaration of Human Rights.”

Does this mean just child sexual abuse material that isn't child pornography can be blocked (the DIA say that the “bad” content is wrongly called child pornography)? Or anything illegal?

To me it seems like it's wide open:

“NetClean allow that even non-child pornography is filtered”.

Appeals and anonymity

From the Code of Practice (pdf):

“5.4 The process for the submission of an appeal shall:
• be expressed and presented in clear and conspicuous manner;
• ensure the privacy of the requester is maintained by allowing an appeal to be lodged anonymously.”

I wondered how, if appeals are meant to be anonymous, the DIA can process appeals when no URL is given by the appellant.

The DIA says:

“If a user does not submit a URL when appealing, the Department does its best to identify the site that appellant was referring to. This is done by looking at the block logs to identify sites blocked shortly before and after the appeal form was accessed and ISP of the appellant. The sites identified during that period will then be reviewed.”

This makes sense because blocks probably don't happen that often. However, if the ISP of the appellant can be compared, there's still other information being collected with appeals. It doesn't seem like this actually happens though.

Here's what one of the appeal reports says:

“Checked logs for sites blocked between 13:19 and 13:21. Sites in that timeframe identified as …”

No mention of ISP comparison.

Number of sites filtered

The DIA stated in a 2009 press release that the number of sites being filtered was over 7000. This dropped down to 400-700 in 2011, which is much closer to the 500 or so URLs the Internet Watch Foundation blocks.

The DIA on the massive decrease:

“The number quoted in the press release on 16 July 2009 related to the sites on the list during the trial. As there was a 2 year gap between the trial and going live with the filter system, the majority of the sites were taken down or had ceased to operate.”

So were the URLs being blocked not being regularly reviewed during the trial, and that's why there was such a high number, or did the policy on what sites could be filtered change?

In an email from Peter Pilley at the DIA to Richard Baalham, Networks Manager at Callplus (Slingshot), he claims:

“During the trial we had 0 false positives as we [reviewed] the list each month to ensure it [was correct] and current.”

The high number of 7000 could have definitely influenced ISPs to join the filter. Here's what Allan Freeth, the CEO of TelstraClear sent to Rick Barker, the Minister of Internal Affairs regarding TelstraClear joining:

“We will add a filter to all web browsing by Clearnet and Paradise customers that stops browsers from accessing known child sex abuse sites around the world. There are more than 7,000 such sites…”

Another thing that was curious about the number of sites filtered was that no URLs were removed from the filter between April 2011 and August 2011. All URLs are supposed to be reviewed monthly, and it seems unlikely that none were due to be removed.

When asked whether the list was reviewed monthly each month in 2011, the DIA said:

“Yes, it is this strict checking that is currently keeping our list so low.”

When asked why no URLs were removed between April 2011 and August 2011:

“On review, all sites continued to contain abuse material and subsequently had not been taken down by enforcement agencies in other countries or were still under investigation?”

“Were still under investigation” seem to be the key words in this answer. It's pretty clear-cut whether a site still contains child sex abuse images, and should only take seconds to check. An investigation isn't required, and it's more likely that some sites just weren't checked at all, thus still being “under investigation”.

I raised the prospect last month that if child sex abuse sites could identify DIA access to the sites they could provide innocuous content to the DIA instead of the child sex abuse content that they're showing to everyone else. The DIA say that in January 2012 they received 449 URLs for review from the public through the ChildAlert site.

In the NetSafe Powerpoint it says that reports through ChildAlert are received and pre-processed by ECPAT to remove false reports and filter bad reports.

This means that a high proportion of URLs received by the DIA should be able to be filtered.

Only 50 URLs that were submitted by the public in January 2012 were subsequently added to the filter list.

(If you're curious, they say that they reviewed over 500 URLs in January 2012, excluding the monthly review of all URLs on the filter list. That included 21 URLs supplied through the Interpol Worst Sites Project with “a number of other sites” that came to their attention as a result of investigations also being reviewed.)

Material filtered

A Russian child model website was discussed during the IRG's March 2011 meeting:

“The Group was asked to look at a child model website in Russia. The young girl featured on the site appears in a series of 43 photo galleries that can be viewed for free. Apparently the series started when the girl was approximately 9 years old, with the latest photographs showing her at about 12 years old. The members’ part of the site contains more explicit photos and the ability to make specific requests. While the front page of the website is not objectionable, the Group agreed that the whole purpose of the site is to exploit a child and the site can be added to the filter list.”

When asked for anything held regarding this website, and whether the website was considered a case of clearly illegal, objectionable images of child sexual abuse, the DIA replied:

“The website in question is divided into a public area and a member-only area. The public area contains images of a young girl dresses in a variety of outfits, which would not be classified as objectionable. The member-only area contains more sexualised images of the same girl that are objectionable. The Independent Reference Group (IRG) agreed that, as the purpose of the site was to sexually exploit a child, it should be added to the filter list.”

The IRG misses the point that if you tell the public that you're only going to filter images of children being sexually abused, you can't turn around and filter other content too, even if it is wrong.

The DIA say that the Russian child model website was not considered to be a borderline case.

Because a whole website is being filtered when only part of it contains material we were told was going to be filtered, I asked the following:

“I understand photographs of real life children being sexually abused, CGI and drawings of children being sexually abused, and the Russian child model website are being blocked. Are any URLs being blocked that don't come under that list?”

I received this answer:

“Material being blocked by the filtering system complies with the Code of Practice, which states:

2.1 The scope of the DCEFS will be limited to preventing access to know websites that contain publications that promote or support, or tend to promote or support, the exploitation of children, or young persons, or both, for sexual purposes.

2.2 The DCEFS will focus on preventing access to known websites containing child sexual abuse images.”

Joshua asked:

“Has the filter list ever contained sites with solely written material?”

The DIA replied:

“No, there are no sites on the list that contain solely written material.”

Note that this doesn't really answer the question of whether the list ever contained those sort of URLs.

From a 21 October 2008 email from Peter Pilley at the DIA to Graham Walmsley, Wholesale General Manager at Callplus:

“We have over the last 2 years built as system for the purposes of restricting access to sites that host child sexual abuse materials such as images, movies, stories etc...”

Independent Reference Group members

Here's what Nathan Guy, Minister of Internal Affairs sent someone in regards to Steve O'Brien's membership on the IRG (he's the manager of Censorship Compliance at the DIA).

“I am advised that the InternetNZ submission on the Department of Internal Affairs' draft Code of Practice for the filtering system suggested that membership of the IRG include a wide range of interests, including law enforcement and government. As Mr O'Brien is highly experienced in the enforcement of censorship law and would be working closely with the IRG, he was considered an appropriate appointment to the Group.”

Also, if you're curious, InternetNZ and ISPANZ weren't asked to participate in the IRG.

IRG reviewing sites

The DIA have released conflicting information regarding whether the IRG will actually look at URLs on the list, you know, to make sure they contain material that should be being blocked.

From the Common Questions and Answers page:

“Will the IRG actually review/view the list of sites?
The IRG will be able to inspect the filter list and have access to the inspectors’ reports on any of the sites blocked. They will also be able to check from DIA premises any particular website on that list if they have concerns about it.”

In response to a OIA request that was disclosed with Joshua's OIA, the DIA say:

“The Department will not be subjecting the membership of the IRG to the content of the websites on the filter list. As stated in the Code of Practice, the members of the IRG will be provided with:

• the officers' reports (which identify each website by URL and describe the contents)
• details of all appeal applications and the resulting action taken,
• reports of any technical issues with the filter or connections to any ISP,
• such other information that may lawfully be provided to assist the IRG in fulfilling its function.”

If you're curious, the IRG has reviewed one URL (the Russian child model website). They have the opportunity to review URLs at their meetings, but haven't taken any of those opportunities up (if you're confused and think this conflicts with the first sentence of this paragraph, I am too).

The secret list

Here's what I asked:

“I understand requests for a full copy of the filter list have been previously declined. Could you please send me a list of just the domains from the list of URLs that are blocked, unless the whole domain is blocked (my assumption is if the whole site is blocked it's a site only for child sexual abuse material. I'm looking for the sites that have URLs blocked, but also have non-child sexual abuse content on them).

If [the above] is not possible, the domains of search engines, file sharing locker services, and social networks that have URLs blocked, and a copy of the list with the first domain name part removed, but TLD and the rest of the URL intact.”

Their reply:

“Possession of child sexual abuse material is an offence that carries a maximum penalty of 5 years imprisonment. As the release of part of the URL of the websites being filtered would facilitate a search for such material, the Department is withholding the information requested … in terms of section 6(c) of the Act (where the release of the information is likely to prejudice the maintenance of the law).”

This is a stretch, especially as a reason for refusing to disclose what search engines, file lockers, and social networks have URLs that are blocked.

Note that all other censorship decisions are released. By law, the Classification Office has to publish its decisions, which they do.

The DIA did, however, release a count of the top-level domains (TLDs) of the websites on the filter list as at 12 March 2012:

• .com - 283
• .ru - 93
• .net - 65
• .info - 23
• .biz - 6
• .in - 6
• .us - 5
• .org - 4
• .me - 2
• .tv - 1
• .ir - 1
• .su - 1
• .ws - 1

The prevalence of .com domains on the list is extremely confusing for me. The US Government loves to take them, as well as .net, .org and .tv domains down.

If they can take down a .com domain for copyright infringement (see Megaupload's homepage) why are 353 domains that the US Government should be happy to take care of on the list? Copyright infringement vs. child porn. Priorities people, priorities.

I asked whether abuse reports and take down requests are sent to hosting companies and law enforcement etc. when URLs are added to the filter.

The DIA responded with:

“The Department works with partner agencies in other jurisdictions to get international sites removed.”

The IRG's December 2011 report (pdf) states that:

“Additionally 18% of the users originated from search engines such as google images”.

I asked whether Google was informed of those images:

“We have a very good relationship with Google and they have been made aware of any objectionable links available via their services. The statement in the December 2011 report used Google Images as an example of a type of service. It was not a statement that 18% of users originated from Google Images.”

I asked how long the DIA takes to make Google aware of those objectionable links available through their services. The DIA replied:

“Google is advised of objectionable links available via its services as soon as is practicable.”

Investigator reports

I asked for a copy of all investigator reports held. I received a sample investigator's report (available in the response PDF linked in the introduction).

Here's what the DIA removed:

“Information that would identify the site, including a screen capture of the webpage has been removed in terms of section 6(c) of the Act. Information that would identify officers involved in the operation of the filter have been withheld in terms of section 9(2)(g)(ii) of the Act (to protect officers from improper pressure of harassment).”

The filter and privacy, Google Analytics

I asked for a copy of any contract the DIA has with companies that provide internet services to power the filter, including web and domain hosts for the http://dce.net.nz website (that's the website people are redirected to when the filter blocks a URL).

The DIA say they have “no contracts with providers of internet services that relate to the filtering system.”

I asked what data is collected when someone tries to visit a blacklisted site, including log data collected by the http://dce.net.nz web host:

“The filter only records the service provider name, the resource requested and date and time. No user data is stored.”

In some of the DIA's reports, statistics on device type are included. Device type isn't listed in the Code of Practice as data that's collected. I asked whether other data is collected in the course of the filtering process that isn't listed in the Code of Practice. The DIA said that no other data is collected.

This is from 6.1 of the Code of Practice (pdf):

“During the course of the filtering process the filtering system will log data related to the website requested, the identity of the ISP that the request was directed from, and the requester’s IP address.”

The Code of Practice also says that the requester's IP address is logged and it says that the system will anonymise the IP address. The DIA have previously said that the system retains the IP address for up to 30 days. The DIA clarifies(?):

“When a person requests a webpage that is blocked, the IP address of the requester will be presented to the service so that blocking page can be sent to them. IP addresses are anonymised by the system itself, no record is kept. The filtering system anonymises IP addresses using a tool developed by Netclean. By not logging the data, the system prevents anyone from reviewing source IP. All IP addresses appear as 0.0.0.0.”

The DIA additionally stated that data from the filtering system has never been used in support of any investigation or enforcement activity and that no data from the filtering system has been shared with other departments.

I asked for anything held discussing the implementation of Google Analytics on the http://dce.net.nz website. I also asked what is the data Google Analytics provides is used for and whether any privacy issues were raised regarding the use of Google Analytics:

“Google Analytics is a free service offered by Google that generates statistics about the visitors to a website, in particular the referrers used. Google Analytics is used to confirm other statistics generated from the filter and to provide better reporting to the IRG and public. The Department does not consider the the use of Google Analytics raises any privacy concerns.”

I think it's quite significant that information about New Zealanders is being sent overseas to Google.

I asked whether the DIA has a contract with Google:

“Google Analytics is free software. The terms and conditions for the use of Google Analytics are available at http://www.google.com/analytics/tos.html.”

Curiously, under the privacy section of the Terms and Conditions Google states:

“You must post a privacy policy and that policy must provide notice of your use of a cookie that collects anonymous traffic data.”

http://dce.net.nz doesn't have a privacy policy.

Google's privacy overview for Google Analytics states again that:

“All website owners using Google Analytics are required to have a privacy policy that fully discloses the use of Google Analytics.”

Google also logs whether the visitor has been to the site before on behalf of the DIA. This isn't disclosed in the Code of Practice (pdf). Google Analytics also collects IP addresses:

“Google Analytics collects the IP address of website visitors in order to provide website owners a sense of where in the world their visitors come from. This method is known as IP geolocation.”

The IP addresses are not passed to the website owner (the DIA), but it's unclear whether Google stores them after the geolocation process has taken place.

From the IRG's August 2011 minutes:

“Andrew Bowater asked whether the Censorship Compliance Unit can identify whether a person who is being prosecuted has been blocked by the filtering system. Using the hash value of the filtering system's blocking page, Inspectors of Publications now check seized computed to see if it has been blocked by the filtering system. The Department has yet to come across an offender that has been blocked by the filter.”

I asked the DIA to explain what this meant:

“Every image, photograph, document or movie found on a computer can be run through a hashing process that will generate, using a mathematical algorithm, a unique hash value for that file. A hash value is a set of numbers and letters strung together and once assigned this hash value cannot be altered. If the same image is hashed twice, the hash value will remain consistent; however, if even 1 pixel of an image is altered that new image will be assigned a new hash value.

When the Department seizes a computer or storage device as the result of exercising a search warrant, as part of the forensic examination of that device, the Department is able to look to see whether the offender has been blocked by the filter by looking for the unique hash value generated by objects on the blocking page.

While this information plays no part in the prosecution of an individual, it is useful in understanding the behaviour of persons who access child sexual abuse material and the effectiveness of the filtering system.”

This probably doesn't take into account the fact that some people have visited the http://dce.net.nz website without being redirected there because of trying to access a blocked URL (like me, and if you've clicked on the link, you too).

Correspondence with ISPs

I asked the DIA to send me any correspondence, electronic, written or otherwise, with ISPs regarding them joining or leaving the filter.

Here's what I received:

• An email (14/7/08) from the CEO of TelstraClear to the Minister of Internal Affairs and the Minister's reply (20/08/08);
• Emails between the Department and Callplus (21/10/08 and 30/10/08). Technical information regarding the operation of the filter and information regarding its location has been withheld under section 6(c) of the Act. The telephone numbers of officers have been withheld under section 9(2)(g)(ii) of the Act.
• A letter from the Department to Telecom (29/09/09).
• Emails between the Department and Telecom (1/11/10) regarding a draft press release.
• A letter from the Department to ISPs (list enclosed) explaining the filtering system and inviting them to contact the Department for more information. The telephone numbers of officers have been withheld under section 9(2)(g)(ii) of the Act.

Other correspondence with Telecom was withheld under:

• 9(2)(ba)(i) of the Act (to protect information which is subject to an obligation of confidence where the making available of the information would likely to prejudice the supply of similar information, or information from the same source, and it is in the public interest that such information continue to be supplied);
• 9(2)(j) of the Act (to enable the Department to carry on, without prejudice or disadvantage, negotiation); and
• 9(2)(h) of the Act (to maintain legal professional privilege).

Here's Allan Freeth, TelstraClear CEO to Rick Barker, Minister of Internal Affairs:

“We will add a filter to all web browsing by Clearnet and Paradise customers that stops browsers from accessing known child sex abuse sites around the world. There are more than 7,000 such sites…” “While we believe the Internet is a wonderful source of information and that people have the right to determine what they view based on personal taste, there is nothing positive about content that reflects the suffering of children.”

This is Rick Barker back:

“While participation by ISPs in the filtering programmes will remain on a voluntary basis, I expect that customer demand will mean that most ISPs will join the programme.”

He also requested that TelstraClear keep information on who has been using an IP address at a specific time for longer because ISPs are only storing information for the amount of time they require it (which is exactly what they should be doing). Note that he thinks that ISPs shouldn't place so much importance on what the Privacy Act says:

“The importance of Internet Protocol (IP) address data to DIA investigations has been recently drawn to my attention. The identification of individual computer addresses and the ability to correlate this information with the location of those computers is vital to catch offenders who distribute images of child sexual abuse. I am advised that ISPs consider that, in terms of the Privacy Act 1993, they are required to dispose of information related to IP addresses once this information is no longer necessary for the operation of their businesses. While it is up to each ISP to determine how long they keep this information, I was concerned to learn that some ISPs retain this information for only a very short time. I hope that we can continue to build on the successful partnership between government and business and that TelstraClear will continue to support my Department's investigations by retaining IP address data for a longer period of time.”

Telecom was given as a reason why other ISPs should join the filter. In a 21 October 2008 email to Callplus, the DIA claimed that “Telecom is coming online very soon”. Telecom released a press release saying they were joining the filter on 3 November 2010.

In October 2008 Telecom still had doubts about the filter, including the legality of it.

Here's a portion of a 29 September 2009 from Keith Manch, Deputy Secretary, Regulation and Compliance at the DIA to Dean Schmidt, Telecom Senior Executive Government Relations and Grant Fraser, Telecom Senior Solicitor.

“Telecom's cautious approach to date is understandable. However, as you are aware there is a compelling case that any ISP's participation in the website filtering system is lawful.

This case is based on the argument that redirecting a get request to the Whitebox and then to the Department's server is not an interception. In addition, even if a get request is a communication, and we suggest that it is not, then it is certainly not a private communication, because there can be no reasonable expectation of privacy in respect of a request that is analogous to the address on an envelope. Finally, even if a get request is in fact a private communication, there might be an argument that the ISP is a party to that communication.

Telecom should feel reassured that making out any one of these four points would be enough to ensure that the prohibition in section 216B of the Crimes Act 1961 is not breached.

If Telecom has any residual concern that redirecting a get request into the website filtering system is an interception of a private communication, then we suggest it proactively obtain the express or implied consent of its users, through the use of on-line terms and conditions of use. This would ensure that Telecom is a party to the communication, and that the offence provision in section 216B would not apply.

The Department has considered whether to utilise the provision in the Crimes Act to make an Order in Council exempting an interception device from the provisions of Part 9A. The Department does not intend to do so as we consider this unnecessary in light of the points made above. We do not see the Whitebox software as an interception device, and as a result think it would be inappropriate and confusing to seek an Order in Council premised on it being such a device.

Finally, I note your concern that regardless of the strength of our view that what is occurring is entirely legal, someone may seek to challenge it. While I accept that the potential for challenge to arise cannot be completely discounted, I suggest that this risk is minor in comparison with the benefits of joining the website filtering system. Should a challenge emerge, to the extent the Department is able to assist to overcome those proceedings, we would do so.”

And Telecom did add the following for their terms and conditions for broadband, Xtra, mobile broadband, and mobile:

Department of Internal Affairs Digital Child Exploitation Filtering System
Telecom will intercept communications for the purposes of the Department of Internal Affairs' Digital Child Exploitation Filtering System and in continuing to use Telecom's services you acknowledge and consent to this.

You can also see the final changes to Telecom's press release through emails sent between Telecom and the DIA's PR staff.

Telecom Retail CEO, Alan Gourdie's quote was changed from:

“The abuse and exploitation of children is intolerable and this filter works to block access to the worst-of-the-worst child exploitation websites.”

to

“The abuse and exploitation of children is intolerable and this filter works to block access to known child exploitation websites.”

and

“The system will be applied in coming weeks.”

was added to the bottom of the release.

IRG minutes refer to detailed traffic reports and information about patterns which is given to ISPs.

In the March 2011 IRG meeting minutes:

“Officials noted that more detailed reports on traffic through the filtering system is being distributed to each ISP. ISPs use this data to assist in the management of their systems, including the operation of their internal filtering systems that they offer customers.”

And October 2010:

“Officials noted that the data obtained from the filter can demonstrate patterns of requests for blocked websites that may be of interest to ISPs. This information includes the 50 most blocked sites and the time of day that the filter is most active but cannot identify particular ISPs. The Group agreed that the DIA should draw any such patterns to the attention of ISPs.”

I asked for this information, but received this:

“The information has been withheld under section 9(2)(b)(ii) of the Act (would be likely unreasonably to prejudice the commercial position who is the subject of the information).”

Integrity of the list

I asked whether a URL could be added to the filter list without the approval of three inspectors and without the knowledge of the IRG, and what the limitations are that would prevent that from happening:

“No. The addition of a URL to the filter list requires three inspectors of publications to agree that the website comes within the scope of the filter system. Once a change to the filter list is agreed, only one officer has the ability to edit the filter list. As the task of reviewing the filter list is shared between members of the Censorship Compliance Unit it is unlikely that the same three inspectors will be involved in the review of a website.”

What does the filter achieve?

I asked whether the DIA has any statistics or figures to back up what they say on the Common Questions and Answers page:

“In the long term, if it is made more difficult for persons with a sexual interest in children to access this material, the market will decline and fewer children will be exploited.”

“The Department firmly believes that if the market for child sexual abuse material is reduced, then fewer children will be abused to support that market. The problem is a global one, to which the Department's website filtering system can only make a small contribution. The Department therefore has no statistics or figures to confirm that the filtering system has lead to fewer children being exploited.”

Chief Censor

I asked whether the Chief Censor has been consulted over decisions relating to the filter.

I received this reply:

“Many of the publications blocked by the filter have been the subject of classification and are therefore on the online database of classified material that is accessible on the Office of Film and Literature Classification website.”

ISPs that were asked to participate/sent a letter about the Digital Child Exploitation Filtering System

If you want to know who was asked (pdf), but didn't cave.

• Actrix
• ASC Data
• Airstream Metworks [Networks?]
• Airnet NZ
• BorderNET
• BorgWiFi
• Compass Communications
• Plain Communications
• Cybermedia New Zealand
• Enternet Online
• Evolution Wireless Consultants
• Teldave Communications
• Farmside
• Freenet
• GetRheel
• Go2 Internet
• AGRE Enterprises
• Helix Wireless Ltd
• Internet Hawke's Bay
• ICONZ
• Inspire Net
• KC Internet
• Kinect
• Kiwi Online
• KTSA Internet
• NATCOM
• Netsmart
• Netspeed Data
• NZNET Internet Services
• NZWireless
• Orcon Internet
• PlaNet Internet
• PrimoWireless
• Slingshot
• Snap Internet
• TelstraClear
• thepacifiicnet [thepacificnet?]
• The Packing Shed
• thinair Communications
• Uber Networks
• Vodafone New Zealand
• Web World
• WirelessWeb
• WIZwireless
• Woosh
• WorldNet Services
• Xnet
• Xtreme Networks

• Very few people (only 9%) knew whether their ISP used the government filter. The ISPs using the filter represent more than 90% of the NZ internet market.
• Less than a quarter (23%) wanted the government choosing whether to filter their internet connection.
• Two-thirds want the filter to include other, non-specified, content.

Tech Liberty's Comment

We've always been opposed to the government's internet censorship system but support the right of people to choose filtering for themselves or their families. We're pleased to see that the people of New Zealand agree with us, rejecting the idea of letting the government impose centralised censorship.

Unfortunately we already have such a system. While it is voluntary at the ISP level, their users get no say in the matter and this survey shows that most are unaware that they are covered by it. We also note that with Telecom, Vodafone and 2 Degrees all having implemented the filter there are no major providers of censorship free mobile data in New Zealand, further undermining any voluntary aspect to the current filter.

At the same time it also seems obvious that the internet has a lot of disturbing content that you might want to block other than just child pornography. Therefore it makes sense that someone wanting "cleaner internet" at their home would be looking for a more general purpose filter than the government's one. A number of ISPs do offer such a service (either free or as an add-on) and it seems that they should be promoting this further.

In conclusion, it seems that the survey shows that the current government internet filter is implemented the wrong way for the wrong purpose and by the wrong people.

We recognise that "big media" still has a lot of influence in New Zealand but that this influence is declining as the internet gives people the ability to:

• self-publish ("little media")
• share and distribute self-published articles
• publicly critique the work of big media.

This change can be seen in the way that online media such as blogs used to be very reactive to work published in newspapers and TV, but now newspapers and TV are increasingly picking up stories from blogs and other forms of social media.

Much of the rest of the review was about how the media should be regulated but we believe that the need for greater media regulation has not been established.

Defining news media

The review suggests that regulation could be a trade-off for official recognition of news media, and spends a lot of time discussing who would be included in the definition of "news media". We believe any definition would either be so broad as to be useless or so narrow that it would miss out many people and publications that arguably should be covered. This is especially true as journalism continues to develop and change in the internet age.

Special privileges for news media

The review suggests that we need a definition because some laws refer to the news media to bestow special privileges. Our preference is that these privileges should be extended to all citizens (e.g. replace the media "fair dealing" section in the Copyright Act with a more general "fair dealing/fair use" provision for all people) or should be available to all people when they are acting as a journalist.

Furthermore, any organisation that wish to include/exclude "news media" can make their own determinations as to who that is rather then relying on a government mandated definition.

External regulation

We do not believe that there is a need for an external regulator. Indeed, as the internet gives people the means to publicly criticise the output of big media, the need for a regulator is reduced compared to the days when only a very limited number of media companies could get their views out (due to limited airwaves or the need to own a printing press).

Current regulation is also generally quite ineffectual. The original message still goes out and then any correction is ignored as the issue is no longer "news". Regulation tends to be after the fact score-keeping at best.

Any publishing company or journalist who wishes to be taken seriously has the ability to form a group and create their own code of ethics and regulator. The Press Council is an example of this and we do not see why other media groups who wish to be taken seriously could not do the same.

Finally, if there was a regulator our view was that it should be in the form of an Ombudsman with the ability to make morally rather than legally binding decisions.

Malicious speech online

The second part of the review was about harmful speech online.

We agreed that malicious speech online can be a problem just as it is when face to face Furthermore, the nature of the internet means that the malicious speech can both spread further and remain available longer.

We believe that the law is limited in what it can do about people being nasty to each other, either online or in person. Even if current law could deal with these issues, the international nature of the internet and the inevitable jurisdiction issues would mean that only a small proportion of problems could be resolved.

That said, many of the more contentious issues will be conducted by people who know each other well and probably even live in the same area. The law should be able to deal with issues of harassment using existing laws (possibly with the tweaks identified by the Commission to ensure that online communications are definitely covered).

We reject the idea that speech online should be held to a higher standard than any other form of speech.

We do support the creation of a new crime of "malicious online impersonation" with the caveat that it must be very careful not to include obvious cases of parody and other forms of non-serious impersonation.

No ISP responsibility

We oppose any attempt to make ISPs responsible for taking down or blocking information either hosted on their network or available through it. This is because ISPs typically have no visibility or control over the material that their customers might store on servers hosted with the ISP. Typically an ISP will only have one option - passing the request on to the publisher or turning off the entire site. Closing down an entire site would seem a gross over-reaction to the content of one offending post or comment.

It does seem appropriate to us that an ISP might have a responsibility to pass on a takedown message to the site owner (similar to the copyright legislation) or, upon presentation of a suitable court order, reveal the identity of the site owner so that legal action can be taken.

You can read more about the TPP treaty, or why we think it's flawed, but this update is based on what we've been reading and a briefing from NZ officials today.

Firstly, the negotiators now have a consolidated draft text that they are working through slowly. Apparently the intellectual property (IP) sections are the most contentious with a lot of major differences still to be resolved.

Secondly, the main IP alternatives are the US proposal (leaked here and similar to other recent trade deals signed by the US) that would see copyright laws become more restrictive, more punitive and less just, versus the NZ/Chile ideas (leaked draft papers) which are largely based on TRIPS and allow for more flexibility between countries and even include some protection for consumers rather than just large media companies.

Thirdly, the US proposed IP chapter goes even further than what they originally proposed for ACTA (which was substantially watered down during the negotiating process). It includes internet account termination, statutory or triple damages in civil suits, an extension of what would count as criminal copyright infringement, allowing copyright holders to ban parallel importing, and criminal penalties for circumventing copy protection measures even if you weren't breaching copyright. As is typical with these types of proposals, respect for the right to due process and a fair trial are sadly lacking.

Finally, the whole process is still very secretive with little information getting out. There is not intention to release any draft texts, and the countries involved have even agreed not to release details of negotiations until four years after the treaty is signed.

What you can do

There's still a long way to go in the TPP negotiating process and there's still room to demand a better treaty and a more open process. Write to your MP and make sure they're aware of what's happening and that you're not happy about it

Considering joining TPP Watch if you're opposed to the whole treaty, or on the IP front NZ Rise is doing good work on sticking up for our local IT industry while Creative Freedom Foundation NZ is defending the interests of local artists.

You can keep up with TPP news with the TPP Digest or by following Michael Geist, Knowledge Ecology International and Public Knowledge.

Comment

We have little faith in the fairness and appropriateness of the US's laws and processes around copyright and intellectual property. The US government is continually strengthening its copyright laws at the behest of the entertainment industry (see SOPA and PIPA) and is trying to pass laws that we would not like to see copied in NZ.

Will this NZ police cooperation lead to New Zealanders being arrested and handed over to the US for doing things that may not be serious offences in New Zealand? Which other countries' laws do New Zealanders have to obey when using the internet?

Whether this case is an example of good international cooperation or the US demanding other countries help enforce bad law is yet to be determined. We will be monitoring this issue closely and hope to publish more information as it is available.

Media Links

• FBI charges seven with online piracy (Wall Street Journal)
• Megaupload's Kim Schmitz arrested in Auckland, site shut down (3news)
• File-sharing website Megaupload shut down, NZ-based founder arrested (PC World NZ)
• File-sharing kingpin arrested in New Zealand at US officials' request (NBR)
• 'We're not pirates, we're just providing shipping services to pirates' (Wall Street Journal Law Blog).
• Why the feds smashed Megaupload (Ars Technica).
• Megaupload attempting to get back online (Stuff NZ)

Useful Links

• The FBI press release.
• The indictment.
• Statement from the NZ Police.
• The NZ extradition treaty (PDF) with the US.
• Ministry of Foreign Affairs and Trade's information about extradition from New Zealand
• Yes, copyright infringement can be criminal in New Zealand with imprisonment up to five years.
• Damning quotes from the MegaUpload owner's email.

The omissions are significant and make it harder for the accounts holder to challenge the notice on the facts, but we believe there are excellent grounds for challenging the notice because the notice itself is invalid. The rights holders may or may not accept this but ultimately it will be up to the Copyright Tribunal to make the final decision.

Notice Requirements

So, what are the requirements for a valid infringement notice? They're spelt out in two places - the Copyright Act (mainly section 122) and the associated Copyright (Infringing File Sharing) Regulations. We'll only be looking at the requirements for the notices from the ISP (internet service provider) to the account holder (the person paying for the internet connection).

A detection notice must include:

1. The name of the rights owner (or their agent).
2. The name of the owner of the copyright of the work.
3. The name of the work that is alleged to be infringed.
4. The type of work it is (from the list at section 14(1) of the Copyright Act). This is one of literary, dramatic, musical or artistic works; sound recordings; films; communication works; or a typographical arrangement of a published edition.
5. What they're accusing you of doing to infringe copyright (from the list at section 16(1) of the Copyright Act). This includes copying, issuing copies, performing, playing or showing it in public, making an adaptation, or authorising someone else to do any of those).
6. The date of the infringement down to the hour, minute and second.
7. The internet IP address where the infringing is alleged to have occurred.
8. Identify the file sharing application or network used in the alleged infringement.
9. The date of the notice.
10. Explain the consequences if further infringing occurs.
11. Explain how to challenge the notice and give either a form to fill out or a link to an online form.
12. Include an infringement number. This number must be unique, indicate whether it is a detection, warning or enforcement notice, and identify the ISP sending the notice.
13. Include the ISP's contact details.
14. Include links to the relevant section of the Ministry of Economic Development's website.

A warning notice (the second notice after a detection notice) must include all of that information as well as:

1. Identify the relevant detection notice that this is the follow up to.
2. List any other alleged infringements that the account holder has detected since the detection notice.

An enforcement notice (the third notice) must include all of that information as well as:

1. Explain the enforcement action may now be taken against the account holder.
2. Explain that no further infringement notices can be issued by that rights holder until the end of the quarantine period (35 days from the date of the enforcement notice).

Challenging a Notice

When you receive a notice you have 14 days to challenge it before it is regarded as being accepted.

If you receive a notice, we suggest that you check it very carefully. If it is incorrect or omits required information you should challenge it. It will be up to the rights holder to decide whether to accept your challenge, but any challenges can also be used in your defence if you appear before the Copyright Tribunal. The notice will include instructions on how to challenge it.

We wanted to know whether New Zealand telecommunications companies are installing this sort of software on the phones they sell to us.

Telecom deny that they used anything of the sort:

No, we do not use Carrier IQ. Our devices do not come loaded with this type of software and we don’t have an agreement with Carrier IQ or any other company that implements tools like this.

Vodafone also deny using such software and make a good point about it contravening the Privacy Act:

Vodafone would never knowingly contravene the privacy act and to the best of our knowledge this software is not on any of the devices we sell.

Telstraclear have also denied it (brevity due to denial being via Twitter):

@TelstraClearNZ No, our devices do not keylog. ^TN

2 Degrees joins the rest:

No, we haven’t. The only customer information 2degrees records is for billing purposes. We don’t monitor our customers’ handset activity or request that any software to do so is installed on devices.

Thanks to @nzkarit on Twitter for his assistance with this article.

This is the transcript of a speech given by Thomas Beagle at Kiwicon in Wellington on November 6th, 2011.

Hi everybody. I'm Thomas Beagle from Tech Liberty. We're a lobby group dedicated to protecting civil liberties in the digital age.

I'm going to talk about how the government is protecting us by using technology to make us safer and happier people – while possibly not caring so much about our freedom.

Now, in the tech field we often laugh about the government and the law being one step behind - I bet more than one of you has looked at the new copyright law and thought "Ha, they're cracking down on torrenting but these days I get all my content via usenet!"

The problem is that this goes both ways. Sometimes it's the government that is using the new technology and the it's the laws we use to protect ourselves that haven't caught up with it yet.

Automated Number Plate Recognition

I'm going to start with automated number plate recognition because there's a good chance many of you won't have heard of it and it provides a good example of the way digital technology is changing things. But what is it?

It's pretty simple really - it's a camera that gets installed in a police car. It recognises the number plates of passing cars and checks them against a central database. Get a match to a "vehicle of interest" and the police can pull over the car and have a little chat with the driver.

Now you might think that sounds pretty innocuous, it's just automating an existing manual process. And it means that the police will spend less time and money catching more bad guys. How could anyone have a problem with that?

Of course, you lot have probably already worked out the problem. It's more than just a simple database lookup - it also includes the date, the time and the place. And it’s doing it for every car. And it’ll end up being installed in every police car. So the police are going to end up with an ever-growing database of car sightings that will let them know where you have been.

Tracking someone used to be hard.

Automated number plate recognition is going to make tracking easy. You don't need a whole team of people, you don't need to install a GP tracking device, you don't need to get a court order to access mobile phone data - you just install ANPR devices everywhere and then you can ask the database whatever you like. Because you're storing historical data, you can even go back in time - "Where did car X go on the night of May 5th?"

It's the sort of information that a totalitarian regime would love to have. It's the sort of information that an over-zealous police force obsessed with green or brown terrorism would use. But is it the sort of information that we want our government to have about everyone?

At one time the answer would have been no. When tracking devices became practical, the law was changed to make the police have to have a warrant before they could use them. Of course, the law change was partly to enable police to trespass to install the devices, but us civil liberties types have to take what we can get. This new automated number plate recognition system could be implemented without the need for any law changes or any oversight - and the NZ police are trialling it at the moment.

Search warrants

Another example of how the government’s use of tech is outpacing the laws we use to protect ourselves - the common or garden search warrant. Let's say that you're suspected of embezzling funds, or armchairs, from the company you work for. A complaint is made, the police investigate, they get a search warrant and kick down your door.

In the old days you'd expect them to take any sort of financial papers, documents, etc, etc. But would they take your old love letters or the family photo album? Of course they wouldn't, and the terms of the search warrant wouldn't let them.

Things are different now - sure they'll take any papers they find but they're also going to take your computer and any other digital storage on the premises. And, well I don't know about you, but my entire life is on that computer. My business files, my letters, my medical records, my family photos, ... my not so family photos... all in the hands of the police. All available to be indexed and searched with the police able to keep a copy indefinitely.

Once again, the law hasn't changed but the digitisation of information means that the effect of the law is much more oppressive.

Customs

And while I'm on the subject of searching computers, did you know that Customs have the power to seize any digital device or storage coming into the country and examine the contents? They can even take copies of the device for review later.

This is not just theoretical – they have been doing it. We got a complaint from someone about them taking his netbook as he returned from holiday in Samoa, and of course there were the Switched on Gardening people who had their phones and laptops taken every time they crossed the border.

In theory Customs can only do this to look for contraband or censored works, but it seems very likely that they are using this power at the behest of the police to do the searches that the police legally can't. You might want to bear this in mind the next time you cross the border.

Civil liberties

The question has to be - do we want to live in a society where our movements and secrets are open to the authorities? It's traditional to mention Orwell's 1984 at this point - not least because it is such a terrifying view of the surveillance state that we're rapidly developing the ability to implement.

How do we decide what is acceptable and what isn't Trying to come up with answers to this question is one of the reasons we founded Tech Liberty. We saw that one of the best ways to look at this is through some rather old rights such as freedom of speech, the right to due process, the freedom from unreasonable search, and the recent addition of the right to privacy. And some of our new laws are stomping all over them.

But I promise this isn't a recruitment session! Instead let's start running through some of the things happening at the moment in New Zealand.

Control of the internet

The big one is control of the internet. Over the past 7 years there has been a three way legal combo attack that, as far as I'm concerned, means that the government has largely won.

The first part of this combo is the Telecommunications Interception Capability Act of 2004, known as TICA. It simply says that communications companies - telcos and ISPs - must provide facilities for law enforcement and intelligence agencies to be able to intercept communications - phone calls, data, etc. Sure, they have to have a warrant, but as our judges have declined just 1 of the hundreds of applications for interception warrants in the last three years, I think we can assume that that isn't too difficult to get.

Second is the internet filter implemented by the Department of Internal Affairs. There is no law enabling this and therefore use of the system is "voluntary" by the ISPs - but I note that in the UK they made moves to make a similar system mandatory after some of the smaller ISPs failed to realise they were meant to volunteer. Right now over 90% of New Zealanders get their internet through a connection that is censored by the government and, unlike the rest of our censorship laws, they refuse to tell us what has been blocked.

Finally, our new copyright law to stop the evils of infringing file sharing has two interesting provisions. The first is that ISPs are obliged to keep records of which account had which IP address at any one time. Secondly the government has decided to skip all that messy having to prove you actually did something bad, and has decided that they can penalise the account owner for anything done through their internet account.

So, this three way combo means that the government has established that it has the right to control where we can go on the internet, it has the right to monitor what we do, and if someone does anything it doesn't like, the government has someone it can punish.

Now this is currently being done with a fairly light hand - they only filter "the really bad stuff", they have to get a warrant to monitor or intercept, and no account holders have been fined yet (although the first notices have just gone out) - but it means that the tools are in place and ready to be extended as required.

For example, currently it's the Department of Internal Affairs who choose what to censor and I believe them when they say that they want to limit the use of the filter to child pornography... but they're not the only ones with influence. How about the courts - a judge in the UK has just ordered British Telecom to use their "really bad stuff" filter to block access to a file sharing site - because the tech is available. Or what happens if there's another media scandal about bomb-making instructions on the internet and some politician thinks that the government must come up with a solution - again, the technology is there and ready to be used.

Of course, you're all sitting here thinking "haha, I am elite masterhacker and I use encryption and VPNs, they'll never catch me!". And to a certain extent you're right - the careful and technically savvy person can avoid some of these things to a greater or lesser extent (although of course, your VPN has to come out in a legal jurisdiction somewhere...). But while this is all right for you and me, what about everyone else in New Zealand? Don't they deserve some freedom and privacy as well? When governments oppress people, it affects all of society.

Cameras

What else is happening? I think we can safely assume that the number of surveillance cameras, both govt and private, continues to rise. At some point the promise of facial recognition might even live up to its marketing claims.

But there are also special cameras. Customs have been trialling the naked body scanners even though the Aviation Crimes Act expressly forbids use of technology that shows the naked form. Customs claims that the law only applies to the use of scanners to detect weapons and other threats, whereas they're using them to detect contraband. In other words, either they're lying - or they're willing to invade your privacy by taking naked pictures of you to find counterfeit Rolex watches.

Privacy Act

Of course, we do have the Privacy Act. People and companies can't just give your private info away, right? Well, first you have to worry about the jurisdiction that your data is in - services based overseas may not have the protections we do.

But even in New Zealand the act includes a provision that you're allowed to release information "to avoid prejudice to the maintenance of the law". You may think that the police would need a warrant or court order to get Trademe to release information about you, but they're happy to admit that they will give the police any assistance that they request. Do you know whether the NZ companies you deal with will stick up for your privacy?

The Law Commission has just finished the review of the Privacy Act and we're expecting to see a bill to modify the law soon. The good news is that they intend to make the Privacy Commissioner a little less toothless. More interestingly, they've recommended making it a responsibility to notify people if security is breached and personal data is stolen. I think this is a good idea and, for any black-hats out there, it's going to make cracking the right targets just that much more satisfying when they're obliged to put out a press release telling everyone about it.

TICA and Search & Surveillance

Speaking of reviews, earlier I mentioned TICA, the Telecommunications Interception Capability Act. There's a general perception that the law doesn't work well, with both law enforcement and comms companies struggling with the lack of specifics. The Ministry of Economic Development is planning a review of the law next year. I think it's going to be one to keep a sharp eye on as law enforcement is never shy about asking for more powers.

The best example of that is undoubtedly the Search & Surveillance Bill. The Law Commission was asked to review and revise our rather chaotic laws around search & surveillance. Now, they could have had a serious look at what sort of invasive powers we let the government have in a free and democratic society - but instead they just gave the police and everyone else whatever they asked for. I still find it hard to believe that they thought it appropriate that even the local city council could apply for a search warrant to put a hidden video camera in your bedroom.

The original version was so over the top, and so badly drafted that it got sent back to be rewritten somewhat, and you can tell it’s still bad because then the govt chickened out and put the rewritten version on hold until after the election. Some of the things I'm particularly unhappy about are the lack of notifications - how can you challenge the government for doing an illegal search if you never find out that it was done? There’s also further erosion of the right to silence through the extension of production and examination orders to more types of crimes.

But one part you should all be aware of is related to searching computer systems. If you have "relevant knowledge" of the system being searched, you can be compelled to assist in the execution of a search. Refuse? You could be jailed for up to three months.

Now this could be unpleasant for a number of reasons - who wants to be caught up in someone else's drama just because you're a sysadmin or work at an ISP? But what if the assistance you're asked to provide is "Crack the encryption on these files"? How well do you think the average judge will understand that cracking a well designed encryption system isn't exactly trivial? After all, they watch TV, they know hackers can get into anything with few minutes work.

Why do we get these laws and why are they often so bad?

The final thing I want to talk about is - where do these laws come from and why are they often so bad?

Wikileaks very clearly showed that our new copyright laws are a result pressure from the US. And they’re still going – now it's the promise of a free trade treaty, the Trans Pacific Partnership, where the cost of joining and getting better access for our agricultural products will be gutting Pharmac and implementing stronger IP laws.

Then there's our local politicians who need to be seen to be doing something and are always happy to pander to the law and order trolls to get votes. Don't you trust our brave boys in blue? Of course they need more powers to stop these evil islamic Greenpeace terrorists!

Unfortunately "something" is often ineffective or has undesirable consequences. We end up with King Canute laws - someone is standing on the beach and ordering the tide to stop coming in, and it's not doing a lot of good.

Will our new copyright laws stop file sharing? No, but they have undermined our right to a fair trial.

Will the internet filter stop children being abused? Of course not, but it has given the government a new system designed for mass censorship.

Will naked body scanners stop terrorist attacks? Well, we don't have any terrorists so maybe this one will be effective!

Political solutions

Kiwicon is a very technical conference but these aren't technical problems with technical solutions. Instead they're political problems and the solutions also have to be political. The good news is that in New Zealand we do have, no matter how much people sneer at it, a working democracy.

You can get involved, you can give an opinion, you can help educate our politicians, you can influence our laws.

And this is the point where I say that Tech Liberty needs more people who want to be involved in that political process, that we have a website at techliberty.org.nz, and thanks very much for listening.

These talks have included meetings with representatives from IPSafe (www.ipsafe.co.nz) and Datacom (www.datacom.co.nz). IP Safe's website is rather minimal and they have not responded to our queries. Their record at the Companies Office lists three directors, Chris Riddell, Wared Seger and Adel Shahin.

They also note that the Telecommunications Carriers Forum (TCF) submission about the law suggested that a centralised system run by the government would be the best approach, but this was not picked up by the Select Committee.

The MED goes on to say that they are not in the process of considering such a system and "that specific arrangements for the implementation of the Act are a matter for Internet Service Providers to agree on between themselves."

The questions have to be: why is Datacom involved and who are they working on behalf of? Who are IP Safe and what is their involvement?