Tech Liberty NZ Defending civil liberties in the digital age

TICS – Second spy law passes

Posted on November 5, 2013

The Telecommunications Interception Capability and Security Bill has now passed the third reading in Parliament by a vote of 61 to 59 (National, United Future and ACT voted for it).

See our earlier coverage for more about what's wrong with the TICS Bill and how it has changed over time.

The bill codifies the government's assertion that all digital communications (which is increasingly becoming equivalent to "all communications") must be accessible by government agencies. The limits imposed are minimal and laws such as the GCSB Act override any limits included in TICS anyway.

Furthermore, to ensure that the government can do this, the GCSB will now have oversight of the design and operation of New Zealand's communications networks. They will be able to veto any decision made by the network operators that might impact on security or, more likely, limit their ability to spy as they see fit.

It seems odd that our government is passing these laws at the same time that the world is reacting to the Snowden revelations and people in New Zealand are starting to realise just how New Zealand is tied into these global spy networks through our membership of the Five Eyes (USA, UK, Australia, Canada, NZ).

Rather than take the opportunity to rethink NZ's surveillance on both local and foreign targets, the government has chosen to extend the powers of our spy agencies while refusing to make any significant improvements to their oversight.

We accept the need for some forms of spying and surveillance (especially by the Police to catch law breakers) when they have suitable oversight, but we are generally disappointed that the laws passed over the last few years have been focused on enacting surveillance agencies' wishlists rather than thinking about how to protect New Zealanders' civil liberties.

Changes to the TICS Bill

Posted on October 16, 2013

The TICS Bill (Telecommunications Interception Capability and Security), a partner to the GCSB Bill that has already been passed, is progressing through Parliament. See our round-up of articles about the Bill.

The Bill has been modified twice:

  1. The Bill as reported back (PDF) by the Law & Order Select Committee on 19/9/2013.
  2. A supplementary order paper added by the government on 15/10/2013.

The government has also provided two further documents:

As reported back by the select committee

The Law & Order Select Committee made a number of minor changes to the Bill. Many of the changes are tweaks to the drafting that have no substantive effect, while others are minor technical changes to improve clarity or streamline procedures.

Even those that do attempt to make changes are fairly weak. E.g. the Director of the GCSB will now have the duty to make decisions about network security "as soon as practicable".

There are no substantive changes worth reporting.

Supplementary order paper 366

As reported in the press release from Amy Adams, the SOP makes the following changes:

  • Clause 39, allowing the Minister to forbid the resale of a foreign service that doesn't allow interception, has been removed. This is a good change as the clause was basically unusable - no one really thought that the Minister was going to, for example, ban the sale of Apple products in NZ.
  • The GCSB's oversight of network providers has been further cleaned up in an attempt to make it workable, and the Minister can now make regulations about the timeframes for decisions.
  • The press release says "it is also proposed to narrow the scope of the matters that must be notified to the GCSB, reducing compliance costs for network operators". The words "any change" have now been replaced by "any change to the architecture", which would mean that minor changes would not have to be notified. However, the word "acquisition" has been added alongside procurement, thus extending the scope to systems that have not been through the normal procurement process (i.e. developed in-house or using free software).
  • Adds an additional step before the Minister can make a direction to a network provider about how they should run their business. The Commissioner of Security Warrants will now be required to carry out their own analysis of the GCSB's risk assessment. The Minister will also have to take into account any cost or competition implications for the network provider.
  • Acknowledges that some foreign-based service providers will not be able to provide assistance as required in clause 24 due to their own laws.

Tech Liberty comment

The changes to the Bill are largely tweaks designed to improve how the bill works rather than the product of any rethinking of what the government should or shouldn't be doing. Even the removal of section 39, which allowed the minister to ban the resale of foreign services, is fairly irrelevant as that part of the law was unworkable anyway.

There is no evidence that the revelations about the extent of government spying in our intelligence allies, the USA and UK, have had any impact on the TICS Bill which is still mainly concerned about making sure that all electronic communications in New Zealand can be exposed to government scrutiny.

The government is also still pressing on with their intention of giving the GCSB overarching control of New Zealand's voice and data networks. Again there have been some minor changes and shifts in emphasis, but network providers will still be obliged to get GCSB permission to expand or modify their communications infrastructure. The government claims that this is about improving security but it is also clearly about maintaining the ability of the Police, SIS and GCSB to spy on New Zealanders. How the GCSB will handle the tension between surveillance and security is yet to be seen.

One interesting element that hasn't changed is section 10(3) which obliges a network provider to decrypt a telecommunication where the network operator has provided that encryption. A number of submitters said that this was unclear - what about services such as Mega or LastPass that provide the encryption but don't have access to the key as it chosen by the user? The clause could be read to say that this was no defence and that the network operators would have to engineer in security backdoors or risk being fined. The government's decision not to clarify this would seem to indicate that this is the intention.

The future

We believe that changes in technology mean we need to rethink surveillance, search warrants and interception. We also fear that the cold war heritage of our security services unreasonably influences their thinking and their operations.

We support the idea of an inquiry into our intelligence services to ensure that what they do and how they do it are in the best interests of New Zealanders. We also support the idea that just because something is technically possible, it doesn't necessarily mean that we should do it. There needs to be limits on surveillance to protect important rights, such as freedom of expression and freedom of association.

We have started our own project to develop a set of suitable laws and safeguards for surveillance and spying in New Zealand. Informed by the principles at Necessary and Proportionate, we want to come up with some solutions to the hard questions that we're all being confronted with. Please contact us if you'd like to be involved in this effort.

Application of Human Rights to Communication Surveillance

Posted on August 1, 2013

Tech Liberty is proud to be a co-signatory of the International Principles on the Application of Human Rights to Communication Surveillance.

Tech Liberty's purpose is to defend civil liberties in the digital age. One of the key challenges has been the way that advances in technology have made mass surveillance dramatically cheaper and easier to implement. We can see this battle currently being fought with the GCSB and TICS Bills in New Zealand and the recent revelations about pervasive government spying in the USA, UK and other countries.

Speech to the Auckland public meeting against the GCSB Bill

Posted on July 26, 2013

Text of Thomas Beagle's speech to the Urgent Public Meeting to Oppose the GCSB Bill held in Auckland, 25th July, 2013. (Or watch video of all of the speeches.)

 

Introduction

Liberty

I’m from Tech Liberty. We’re a group dedicated to defending civil liberties in the digital age. I want to start by explaining what that means in the context of this bill.

TICS Bill – Oral Submission

Posted on July 10, 2013

Text of our submission to the Law and Order Select Committee re the Telecommunications (Interception Capability & Security) Bill.

 

Introduction

I represent Tech Liberty, we’re a group dedicated to defending civil liberties in the digital age.

In general we support the ability of the government to have interception capabilities on telecommunications where possible, when those interception capabilities have suitable oversight and control. However we fear that technological development is slowly making this lawful intercept regime increasingly irrelevant.

We’ll be addressing this and some other elements of the first two parts of the bill, before talking about the proposal to make the GCSB responsible for cyber security in New Zealand.

GCSB’s new powers for wide-spread spying on New Zealanders

Posted on June 9, 2013

There have recently been a number of revelations about the US government spying on its citizenry and other people around the world (a good summary). Many people have been shocked to find out the extent of the US's spying and access into theoretically private systems.

What many New Zealanders don't realise is that the NZ government is currently changing both the GCSB Act of 2003 and the Telecommunications Interception Capability Act of 2004 to allow similar levels of access to New Zealand communications for the GCSB (Government Communications Security Bureau).

Current law

The current TICA law already gives the GCSB, Police or SIS the technical capability to intercept all NZ communications if they have a valid warrant.

The GCSB can get warrants to spy on the communications of foreign people and organisations, although they can spy without a warrant if it doesn't require the installation of any device (e.g. wireless/satellite/radio/mobile).

TICS - Telecommunications Interception Capability and Security Bill

The new TICS Bill clarifies and expands on these interception capabilities. It also allows them to be extended to service providers (people who offer "goods, services, equipment, and facilities that enable or facilitate telecommunication") such as email providers, Trademe forums, Mega, etc.

TICS continues the existing regime where these interception powers can only be accessed with a valid warrant, but keep reading for the new exceptions to this in the GCSB Bill.

Furthermore, the TICS Bill also creates a new role for the GCSB, ensuring the security of New Zealand's telecommunications infrastructure. This includes wide powers of oversight and control of how communications networks are managed and implemented in order to "protect New Zealand's national security or economic wellbeing".

GCSB - Government Communications Security Bureau and Related Legislation Amendment Bill

The new GCSB Bill gives the GCSB three purposes (we'll come back to these):

  • 8A - Information assurance and cybersecurity. (Expanded from protecting government communications to a much wider responsibility for New Zealand's communications.)
  • 8B - Intelligence gathering, analysis and sharing. (Similar to the existing law except that it adds "gathering information about information infrastructures" to the existing spying on foreign people/organisations.)
  • 8C - Helping the Police, SIS and Defence Force by providing advice and assistance in helping them execute their own legally obtained warrants. (This is entirely new.)

The bill doesn't significantly change how the GCSB can apply for an interception or search warrant, but it does add a whole new class of "access authorisation". To quote section 15A(1)( b)

The Director may apply in writing to the Minister for the issue of an access authorisation authorising the accessing of 1 or more specified information infrastructures or classes of information infrastructures that the Bureau cannot otherwise lawfully access.

These authorisations are granted at the whim of the Minister (although see below) and are incredibly wide-ranging and open-ended. There are no recommendations of limits (other than what the Minister sees fit to impose) and there is no automatic expiry. And just in case you thought that the TICA/TICS law might provide some protection, the GCSB Bill goes on to add section 15A(5):

This section applies despite anything in any other Act.

Most importantly these new access authorisations can be used for purpose 8A (cybersecurity) as well as 8B (information gathering). As paragraph 36 of the Regulatory Impact Statement explains: "an amendment will also be required to allow the GCSB to see who (namely NZ individuals and companies) is being attacked". That is to say, the GCSB believes that it needs to be able spy on New Zealanders to maintain ther security. Based on what we know from recent reports in GCSB activities, we assume that the GCSB particularly intends to collect communications metadata (i.e. who speaks to who, when and how often but not what they say).

If you had any doubts about whether this applies to NZ communications, section 15B then further clarifies that for any access authorisations "for the purpose of intercepting the private communications of a New Zealand citizen or permanent resident of New Zealand under section 8A (cybersecurity)" the authorisation must be approved by the Commissioner of Security Warrants as well as the Minister.

And finally if you were hoping that section 14, which controls the ability of the GCSB to target New Zealanders would provide any protection, this only applies when the GCSB is performing duties under section 8B (intelligence gathering) and not section 8A (cybersecurity).

Putting it all together

The GCSB believes it needs to monitor the communications of New Zealanders in order to ensure that it can protect them from attacks.

TICA and TICS establish the technical capability for the GCSB to spy on any communications, subject to the limits in that law and the GCSB Act.

A section 15A(1)(b) access authorisation can give GCSB power to access any communications system it wants for the purpose of spying or information security, irrespective of any legal controls in any other law. This will allow it access to the facilities provided by TICS/TICA.

The GCSB will be spying on New Zealanders.

Conclusion

These new laws are not some minor adjustments to the work of the GCSB and how interception works. They are not just about letting the GCSB provide technical assistance to the Police, SIS and Defence Force.

While people in the USA are getting upset about the revelations of the extent of NSA spying there, these new laws give the GCSB far greater control of New Zealand communications networks, and practically unlimited capacity to intercept New Zealand communications.

These new laws are the point at which New Zealand switches from being a society that investigates "bad guys" subject to judicial oversight, to being a surveillance state where the government is always watching and recording everyone just in case they're thinking about doing anything wrong.

We don't want to live in that society. We believe that these new laws contravene the right in the NZ Bill of Rights to be free from unreasonable search and seizure, and will have a chilling effect on the rights to free expression and freedom of association.

We think that these laws need to be stopped.

Update on NZ Police use of aerial surveillance drones

Posted on April 2, 2013

We've been keeping track of the Police use of new surveillance and tracking technology. We asked them what they've been doing with drones and here are the more interesting/informative answers (Police letter, 19th February 2013):

  • The Police currently have one aerial drone.
  • They don't have a specific budget for it and claim not to know how much they've spent on it so far.
  • They say that they can use it for tracking people and cars but promise to do it in accordance with the Search & Surveillance Act. We note that our interpretation of this says that they need a tracking warrant to use an electronic tracking system but we don't know if the Police agree with this.
  • The Police believe that their current policy concerning video recording operations and events also covers their use of drones.
  • The Police have been contacted by the Privacy Commissioner re their use of drones and will be meeting with them soon.
  • The Police expect their drone trials to finish by the end of 2013.

You may also wish to read this article about drones by David Beatson at NZ Pundit.

We're going to be following up to get more information. If there's any questions you want asked, please leave them in the comments.

Guest post: cameras in toilets

Posted on October 18, 2012

One of the most common topics of the emails we receive at Tech Liberty is the placement of video cameras. People worry about them where they work, in the street, and on their neighbour's properties.

This guest post is from Yuri Wierda, a licensed security consultant, and he's concerned about the increasing popularity of security cameras in public toilets:


I have personally refused to install cameras in toilets and have talked a few clients out of doing it. I believe cameras in toilets are immoral and may be illegal. Part of my responsibility when advising people on security is ensuring that they themselves don't break the law.

The argument for cameras in toilets has been that it reduces vandalism.

While there may be signs advising people that there is a camera I do not believe that it justifies it or complies legally. There are several situations where signs will not provide informed consent.

  • Someone may get changed in the toilet and not see the sign.
  • Someone may be blind or illiterate.
  • Someone may be intellectually disabled.
  • Children may be visiting the toilet unaccompanied.

This creates several privacy and legal issues:

  1. The intellectually disabled and children CANNOT legally provide consent to being filmed in the nude or partly clothed. Toilets are places where people adjust their clothing and may be partially clothed. Children and intellectually disabled people will not expect there to be a camera filming them. Filming such an event is illegal (s216G to s216N of the Crimes Act) and potentially can (and should) result in serious criminal charges.
  2. People who have not seen the sign or were unable to read it cannot provide informed consent.

I am appalled that the police has provided advice that it is not illegal.

Police confirm they’re not keeping ANPR data

Posted on October 16, 2012

See update at end of post.

We've been keeping an eye on the NZ Police trials of ANPR (automated number plate recognition - read our explanation).

The main civil liberties issue with this technology is that the system stores the time and location of the license plate check. Once enough of these systems are deployed they can be used to track people by following vehicle movements, as is being done by a number of other countries. We believe that, at a minimum, there should be some controls on how this data is stored and used, for example by having to apply for a tracking warrant.

The Police themselves have been sending out mixed messages about whether they're keeping the information and whether they'll be using it for tracking, as documented by our article. At the end of that article we said we were seeking further clarification from the Police.

Police confirm they're not keeping ANPR data for tracking

We have now received a letter (PDF) from Superintendent Carey Griffiths in which he explains:

All three patrol cars and one of the vans have the capacity to store information for up to a two or three day period depending upon operational use. In general the information is not stored for any longer than a shift period which can vary from an eight hour to a ten hour shift.

One of the [two] vans has a system known as BOSS ( Back Office System Software) and this system has the capability to store information for a longer period ... The BOSS system settings have recently been amended, and the information is now only stored for a maximum of 48 hours.

It seems clear from this that the Police will not be keeping the ANPR data.

Police believe they can't track without a warrant

Furthermore, Superintendent Griffiths goes on to say that:

Police considers that with so few cameras, the technology cannot be used to "track" vehicles. In any event, Police cannot track vehicles other than in accordance with the Search & Surveillance Act 2012.

This contrasts strongly with what the Police said in a letter from December 2011:

There is no requirement for police to apply for a warrant for any ANPR information as it is gathered in a public place.

This change in attitude is quite interesting. The Search & Surveillance Act only refers to getting a warrant for tracking when it involves the use of a tracking device (s46). We initially took this to refer to getting a warrant to allow the installation of a "bug" on the car or person to be tracked.

However, tracking device is defined as "a device that may be used to help ascertain, by electronic or other means ... the location of a thing or a person".

Could one define an ANPR system as a tracking device and would the Police then have to get a warrant to use it to track people? It seems that the Police now think it would. The same argument would also seem to apply to using mobile phones to track people.

In our opinion this interpretation would fit in both with the purpose of the Act and the requirements in a civil society for oversight of the use of this type of mass surveillance.

Conclusion

We're pleased that the Police are not attempting to implement the sort of pervasive people/vehicle tracking systems that are becoming popular in some overseas jurisdictions. We do not think that this sort of police state behaviour has any place in a free and democratic New Zealand.

Furthermore, after some problems with illegal surveillance in recent years, it's good to see that the Police are taking their responsibilities under the Search & Surveillance Act seriously.

We will continue to monitor the Police use of ANPR technology and look forward to receiving copies of the assessment from the Privacy Commissioner and the final Police report into their test ANPR deployment.

Update 5th August 2013

The Police have announced they will be deploying new red-light and speed cameras. We asked them if these new cameras would support ANPR. Their response:

There are no current plans to deploy either digital red-light cameras or speed cameras that support Automatic Number Plate Recognition.

An introduction to ANPR (automated number plate recognition)

Posted on June 13, 2012

ANPR stands for automated number plate recognition.

It’s a camera that can automatically recognise and read license plates on cars and then checks them against a central database. If the plate matches a “vehicle of interest”, the police can then decide to pull over the car and talk to the driver. ANPR cameras are typically deployed in police cars and in fixed installations by the side of the road.

The current state of ANPR in New Zealand

[Edit: there is some inconsistency between the information available over multiple letters from the Police and that reported in Police News.]

[Edit 2: Superintendent Carey Griffiths has denied that the Police will be storing the ANPR data and using it for tracking. We have asked the Police Commissioner for clarification.]

According to the June 2012 edition of Police News, the NZ Police have been trialling ANPR since 2009. This has involved four mobile ANPR units which are not that sophisticated in that they need two people to operate them (one to drive, one to watch the screen).

In theory the trial ended in January 2012 but it is our understanding from Police News that they are still using the current four ANPR vehicles (2 in Auckland, 1 in Waikato/Eastern and 1 in Christchurch/Southland) and are looking at deploying another couple.

We have requested copies of reports about the trial and any recommendations about further deployment of ANPR systems.

Thanks an OIA request by Alex Harris we also have a draft copy of the ANPR manual. There is also an associated letter where the Police report that the trial began in 2010 and has consisted of only two units for a limited time in Counties Manukau and Wellington, with them currently deployed in Counties Manukau and Waitemata.

The Police answer questions about ANPR

Some questions and answers from letters to the police about ANPR (questions are ours, answers are from the Police):

Q. What data is stored with each record (e.g. location, time of day, etc)?

A. The time date and a photograph of all vehicles passing the ANPR camera is stored.

Q. Will this information include the location of the ANPR device at the time of the lookup?

A. Yes it will include the location of where the device was deployed.

Q. How long will the data for each captured license plate be kept for?

A. Data of vehicle movements captured during ANPR deployments will be retained on a secure Police database. In time this information may be deleted with it is no longer required for the purpose it was obtained. Police may search the stored data if there is a belief that there may be information relating to a crime.

Q. Are the police considering using the information stored in the ANPR database to track vehicles?

A. The ANPR system alerts police to vehicles that are a vehicle of interest to police recorded in the vehicles of interest database.

Q. If so, do the police believe they would need to apply for a warrant to use the information in this way?

A. There is no requirement for police to apply for a warrant for any ANPR information as it is gathered in a public place.

Why does ANPR make us worried?

If ANPR was simply used by the police to help find people they are actively looking for, we’d probably have no argument against it.

The problem is that it’s more than just a simple database lookup. That central database isn’t just responding to queries, it’s also storing the date, the time and the place for every car that passes the ANPR camera.

So the police end up with a very big database of car sightings – which gives them the ability to track the movements of any car they wish. Even more worrying is that they can keep this data for as long as they like and therefore “go back in time” by entering queries for any day since the database was started.

The technology is rapidly getting cheaper and could easily end up deployed in every police car and in fixed places around major cities and roads, allowing for near total coverage.

Potential harm

There are three types of harm that can come from creating a new database like this:

  1. An inappropriate extension of police power that might be used badly. e.g. the Police use it to spy on political activists who are engaged in peaceful protest, breaching their rights to privacy and freedom from Police surveillance.
  2. Extension to other government departments. e.g. could CYFS access the database to determine that you are feeding your children badly because you park near the local McDonalds each day?
  3. Improper use. A police officer using it to stalk someone for their own reasons.

Tracking used to be hard

Tracking someone used to be hard and expensive but ANPR is going to make it easy and cheap. With ANPR you don't need a whole team of people, you don't need to install a GPS tracking device, you don't need to get a court order to access mobile phone data - you just install ANPR devices everywhere and then ask the database about whoever you like.

More to the point, you also don’t need to change any laws or apply for a surveillance warrant to install a tracking device – you can just start doing it.

It’s the sort of information that a totalitarian regime would love to have. But is it the sort of information that we want our government to have about everyone?

Shouldn't we talk about what sort of controls we might want to impose if such a system is implemented?

Are we going to end up with this system watching our every move without even any public debate about it?