We've been keeping track of the Police use of new surveillance and tracking technology. We asked them what they've been doing with drones and here are the more interesting/informative answers (Police letter, 19th February 2013):
- The Police currently have one aerial drone.
- They don't have a specific budget for it and claim not to know how much they've spent on it so far.
- They say that they can use it for tracking people and cars but promise to do it in accordance with the Search & Surveillance Act. We note that our interpretation of this says that they need a tracking warrant to use an electronic tracking system but we don't know if the Police agree with this.
- The Police believe that their current policy concerning video recording operations and events also covers their use of drones.
- The Police have been contacted by the Privacy Commissioner re their use of drones and will be meeting with them soon.
- The Police expect their drone trials to finish by the end of 2013.
You may also wish to read this article about drones by David Beatson at NZ Pundit.
We're going to be following up to get more information. If there's any questions you want asked, please leave them in the comments.
One of the most common topics of the emails we receive at Tech Liberty is the placement of video cameras. People worry about them where they work, in the street, and on their neighbour's properties.
This guest post is from Yuri Wierda, a licensed security consultant, and he's concerned about the increasing popularity of security cameras in public toilets:
I have personally refused to install cameras in toilets and have talked a few clients out of doing it. I believe cameras in toilets are immoral and may be illegal. Part of my responsibility when advising people on security is ensuring that they themselves don't break the law.
The argument for cameras in toilets has been that it reduces vandalism.
While there may be signs advising people that there is a camera I do not believe that it justifies it or complies legally. There are several situations where signs will not provide informed consent.
- Someone may get changed in the toilet and not see the sign.
- Someone may be blind or illiterate.
- Someone may be intellectually disabled.
- Children may be visiting the toilet unaccompanied.
This creates several privacy and legal issues:
- The intellectually disabled and children CANNOT legally provide consent to being filmed in the nude or partly clothed. Toilets are places where people adjust their clothing and may be partially clothed. Children and intellectually disabled people will not expect there to be a camera filming them. Filming such an event is illegal (s216G to s216N of the Crimes Act) and potentially can (and should) result in serious criminal charges.
- People who have not seen the sign or were unable to read it cannot provide informed consent.
I am appalled that the police has provided advice that it is not illegal.
We've been keeping an eye on the NZ Police trials of ANPR (automated number plate recognition - read our explanation).
The main civil liberties issue with this technology is that the system stores the time and location of the license plate check. Once enough of these systems are deployed they can be used to track people by following vehicle movements, as is being done by a number of other countries. We believe that, at a minimum, there should be some controls on how this data is stored and used, for example by having to apply for a tracking warrant.
The Police themselves have been sending out mixed messages about whether they're keeping the information and whether they'll be using it for tracking, as documented by our article. At the end of that article we said we were seeking further clarification from the Police.
Police confirm they're not keeping ANPR data for tracking
We have now received a letter (PDF) from Superintendent Carey Griffiths in which he explains:
All three patrol cars and one of the vans have the capacity to store information for up to a two or three day period depending upon operational use. In general the information is not stored for any longer than a shift period which can vary from an eight hour to a ten hour shift.
One of the [two] vans has a system known as BOSS ( Back Office System Software) and this system has the capability to store information for a longer period ... The BOSS system settings have recently been amended, and the information is now only stored for a maximum of 48 hours.
It seems clear from this that the Police will not be keeping the ANPR data.
Police believe they can't track without a warrant
Furthermore, Superintendent Griffiths goes on to say that:
Police considers that with so few cameras, the technology cannot be used to "track" vehicles. In any event, Police cannot track vehicles other than in accordance with the Search & Surveillance Act 2012.
This contrasts strongly with what the Police said in a letter from December 2011:
There is no requirement for police to apply for a warrant for any ANPR information as it is gathered in a public place.
This change in attitude is quite interesting. The Search & Surveillance Act only refers to getting a warrant for tracking when it involves the use of a tracking device (s46). We initially took this to refer to getting a warrant to allow the installation of a "bug" on the car or person to be tracked.
However, tracking device is defined as "a device that may be used to help ascertain, by electronic or other means ... the location of a thing or a person".
Could one define an ANPR system as a tracking device and would the Police then have to get a warrant to use it to track people? It seems that the Police now think it would. The same argument would also seem to apply to using mobile phones to track people.
In our opinion this interpretation would fit in both with the purpose of the Act and the requirements in a civil society for oversight of the use of this type of mass surveillance.
We're pleased that the Police are not attempting to implement the sort of pervasive people/vehicle tracking systems that are becoming popular in some overseas jurisdictions. We do not think that this sort of police state behaviour has any place in a free and democratic New Zealand.
Furthermore, after some problems with illegal surveillance in recent years, it's good to see that the Police are taking their responsibilities under the Search & Surveillance Act seriously.
We will continue to monitor the Police use of ANPR technology and look forward to receiving copies of the assessment from the Privacy Commissioner and the final Police report into their test ANPR deployment.
ANPR stands for automated number plate recognition.
It’s a camera that can automatically recognise and read license plates on cars and then checks them against a central database. If the plate matches a “vehicle of interest”, the police can then decide to pull over the car and talk to the driver. ANPR cameras are typically deployed in police cars and in fixed installations by the side of the road.
The current state of ANPR in New Zealand
[Edit: there is some inconsistency between the information available over multiple letters from the Police and that reported in Police News.]
[Edit 2: Superintendent Carey Griffiths has denied that the Police will be storing the ANPR data and using it for tracking. We have asked the Police Commissioner for clarification.]
According to the June 2012 edition of Police News, the NZ Police have been trialling ANPR since 2009. This has involved four mobile ANPR units which are not that sophisticated in that they need two people to operate them (one to drive, one to watch the screen).
In theory the trial ended in January 2012 but it is our understanding from Police News that they are still using the current four ANPR vehicles (2 in Auckland, 1 in Waikato/Eastern and 1 in Christchurch/Southland) and are looking at deploying another couple.
We have requested copies of reports about the trial and any recommendations about further deployment of ANPR systems.
Thanks an OIA request by Alex Harris we also have a draft copy of the ANPR manual. There is also an associated letter where the Police report that the trial began in 2010 and has consisted of only two units for a limited time in Counties Manukau and Wellington, with them currently deployed in Counties Manukau and Waitemata.
The Police answer questions about ANPR
Some questions and answers from letters to the police about ANPR (questions are ours, answers are from the Police):
Q. What data is stored with each record (e.g. location, time of day, etc)?
A. The time date and a photograph of all vehicles passing the ANPR camera is stored.
Q. Will this information include the location of the ANPR device at the time of the lookup?
A. Yes it will include the location of where the device was deployed.
Q. How long will the data for each captured license plate be kept for?
A. Data of vehicle movements captured during ANPR deployments will be retained on a secure Police database. In time this information may be deleted with it is no longer required for the purpose it was obtained. Police may search the stored data if there is a belief that there may be information relating to a crime.
Q. Are the police considering using the information stored in the ANPR database to track vehicles?
A. The ANPR system alerts police to vehicles that are a vehicle of interest to police recorded in the vehicles of interest database.
Q. If so, do the police believe they would need to apply for a warrant to use the information in this way?
A. There is no requirement for police to apply for a warrant for any ANPR information as it is gathered in a public place.
Why does ANPR make us worried?
If ANPR was simply used by the police to help find people they are actively looking for, we’d probably have no argument against it.
The problem is that it’s more than just a simple database lookup. That central database isn’t just responding to queries, it’s also storing the date, the time and the place for every car that passes the ANPR camera.
So the police end up with a very big database of car sightings – which gives them the ability to track the movements of any car they wish. Even more worrying is that they can keep this data for as long as they like and therefore “go back in time” by entering queries for any day since the database was started.
The technology is rapidly getting cheaper and could easily end up deployed in every police car and in fixed places around major cities and roads, allowing for near total coverage.
There are three types of harm that can come from creating a new database like this:
- An inappropriate extension of police power that might be used badly. e.g. the Police use it to spy on political activists who are engaged in peaceful protest, breaching their rights to privacy and freedom from Police surveillance.
- Extension to other government departments. e.g. could CYFS access the database to determine that you are feeding your children badly because you park near the local McDonalds each day?
- Improper use. A police officer using it to stalk someone for their own reasons.
Tracking used to be hard
Tracking someone used to be hard and expensive but ANPR is going to make it easy and cheap. With ANPR you don't need a whole team of people, you don't need to install a GPS tracking device, you don't need to get a court order to access mobile phone data - you just install ANPR devices everywhere and then ask the database about whoever you like.
More to the point, you also don’t need to change any laws or apply for a surveillance warrant to install a tracking device – you can just start doing it.
It’s the sort of information that a totalitarian regime would love to have. But is it the sort of information that we want our government to have about everyone?
Shouldn't we talk about what sort of controls we might want to impose if such a system is implemented?
Are we going to end up with this system watching our every move without even any public debate about it?
There has been a bit of a kerfuffle in the press recently about Carrier IQ - a piece of software that hides on your phone and reports data back to the telephone company. (More technical details here.)
We wanted to know whether New Zealand telecommunications companies are installing this sort of software on the phones they sell to us.
Telecom deny that they used anything of the sort:
No, we do not use Carrier IQ. Our devices do not come loaded with this type of software and we don’t have an agreement with Carrier IQ or any other company that implements tools like this.
Vodafone also deny using such software and make a good point about it contravening the Privacy Act:
Vodafone would never knowingly contravene the privacy act and to the best of our knowledge this software is not on any of the devices we sell.
Telstraclear have also denied it (brevity due to denial being via Twitter):
@TelstraClearNZ No, our devices do not keylog. ^TN
2 Degrees joins the rest:
No, we haven’t. The only customer information 2degrees records is for billing purposes. We don’t monitor our customers’ handset activity or request that any software to do so is installed on devices.
Thanks to @nzkarit on Twitter for his assistance with this article.
There has been a recent spate of people being arrested in the USA and UK for taking photos and video of the police at work. We also found anecdotal evidence of police in New Zealand exceeding their legal authority when it came to people taking photos and video of them:
"Taking photographs around Cuba Mall and a police officer approached and said 'Would you like me to break that?' indicating the camera. He was exceedingly hostile and it turned out it was because the officer thought he had been photographed by us."
"Have to wonder why they confiscate cameras and tapes then. We were told we could pick the tapes up from the station... at which point any knowledge of the tapes was denied."
The legal situation in New Zealand
Firstly, it is generally accepted that anyone can photograph or video anyone else as long as the subject wouldn't have a reasonable expectation of privacy. There are a range of exceptions, but are the police one of them?
We wrote to both the Police Commissioner and the Minister of Police and asked them "Is it against the law in New Zealand to take photos of video of the police at work?"
The Police responded first: "No, not if the photos of video of police at work are taken in a public place, or with the landowner's consent if on private property."
Judith Collins, the Minister of Police, backed up the Police's position in her response, going on to say that she saw no need to change the law and was not aware of any plans to do so.
It seems clear that in New Zealand the police can't stop you from documenting what they are doing. They have no power to stop you, seize your camera or force you to delete images or video.
We believe that this is a good thing and is part of having a police force that is accountable to the people they serve. The police hold most of the cards when it comes to dealing with the public, and the prospect of being recorded should provide a brake on any temptation to abuse those powers.
However one concern remains. Police training does not cover this issue and it seems that some officers feel free to make up their own powers as they go. We recommend that the NZ Police should make sure that this is included in initial and continuing training.
Finally, we remind anyone taking photos of police at incidents to make sure that you do not get in their way or you could be arrested for obstruction.
Today Tech Liberty made an oral submission to the Justice & Electoral Select Committee about the Search & Surveillance Bill, following up from our written submission.
We changed some of our recommendations between the written and oral submissions, particularly around:
- Notifying people of searches or surveillance against them
- Handling targeted searching of computers
The full text of our oral submissions follows, albeit there were some wording changes in the actual presentation.
Text of our submission to the Select Committee about the Search & Surveillance Bill. Or download the PDF version.
1. General comments about the S&S Bill
While we appreciate the proposed changes to the Bill, we still hold grave concerns about the general thrust of the Bill towards increased powers for search and surveillance.
We have the following comments on some of the issues raised by the Summary Departmental Report.
The Search and Surveillance Bill is an attempt to rewrite New Zealand's laws around search and surveillance.
One thing that has become clear in the debate around the bill is that many people are not fully aware of the existing powers that government agencies have to pry into our personal affairs. It's not uncommon for someone to decry a 'new' power in the Search and Surveillance Bill, only to be told that it is already in existing law.
This article lists, to the best of our knowledge, the current ways that the government can use to watch us. We will expand/correct it as additional knowledge comes to light.
This article has not yet been updated to reflect the changes made when the Search & Surveillance Act became law.
[This post was prompted by contact from a person who had a laptop seized. Since original publication they have asked for their comments to be removed.]
We recently asked Customs whether they were able to do this and they replied that they could under the Customs and Excise Act (1996).
Looking for information
We'd like to find out more about what Customs are doing in this area. In particular we'd like to know what they're looking for, whether they're targeting anyone in particular, and what they do with the systems and data they seize.
Please contact us if this has happened to you or anyone you know. Please include as much detail as possible. We promise to respect your anonymity.