Tech Liberty NZ Defending civil liberties in the digital age

Submission: GCSB Bill

Posted on June 21, 2013

Full text of the Tech Liberty submission to the Intelligence & Security Committee concerning the Government Communications Security Bureau and Related Legislation Amendment Bill.

Summary

Tech Liberty has deep concerns about the extent of the powers granted to the GCSB by this Bill, especially when combined with the proposed changes to the Telecommunications (Interception Capability) Act (2004) contained in the TICS Bill.

We do not believe that the GCSB should be spying on New Zealanders. We are particularly concerned with the Bill’s silence on the GCSB’s existing practice of collecting and analysing metadata.

We do not believe that the GCSB is the right agency to have oversight and control of New Zealand’s telecommunications infrastructure in the name of “cybersecurity”.

We do not believe that the Bill makes any significant improvement to the current woefully inadequate oversight procedures.

We submit that this Bill and the TICS Bill should both be rejected. Rather there needs to be a formal review of New Zealand’s domestic and foreign intelligence requirements.

The New GCSB

This bill is a major expansion of purpose for the GCSB and includes an equally major expansion of their powers, including the ability to access any computer or communication system to spy on and monitor both foreigners and New Zealanders.

New Mission - Cybersecurity

The GCSB Act (2003) gives the GCSB the objective of protecting the communications and systems of the New Zealand government.

The GCSB Bill changes this purpose so that it will now have responsibility for protecting the information and telecommunications infrastructures of everyone in the country.

New Mission - Spying on New Zealanders

The GCSB Act (2003) allowed the GCSB to provide advice and assistance to any public authorities or other entities. However, section 14 made it very clear that this assistance was not to include any action for the purpose of intercepting the communications of a New Zealand citizen or permanent resident.

The GCSB Bill now explicitly allows the GCSB to perform interceptions of New Zealanders communications on behalf of the Police, SIS or Defence Force.

It also allows the GCSB to spy on New Zealanders for the purpose of maintaining cybersecurity. (The GCSB claims in the Regulatory Impact Statement that it will need to be able to monitor the communications of New Zealanders to detect whether they are being attacked.)

Mass Surveillance & Metadata

Continuing technical development means that it is now cost-effective to collect masses of innocuous data about people, dump it all into a huge data store and then run sophisticated analysis software over it to extract information about what people do.

Even just looking at metadata (or call associated data as it is described in the TICS Bill) can be incredibly revealing. Taking just the example of phone records, metadata can include: who we call, when we call them, how often we call them, how long we speak for, where we call them from, who they call after we call them, and so on. For example:

... in the world of business, a pattern of phone calls from key executives can reveal impending corporate takeovers. Personal phone calls can also reveal sensitive medical information: “You can see a call to a gynaecologist, and then a call to an oncologist, and then a call to close family members.” And information from cell-phone towers can reveal the caller’s location. Metadata, she pointed out, can be so revelatory about whom reporters talk to in order to get sensitive stories that it can make more traditional tools in leak investigations, like search warrants and subpoenas, look quaint. (Susan Landau quoted in the New Yorker)

Adding additional sources of information such as banking records, electronic toll records and so on increases the amount of information that can be mined from the collected data. Once you start collecting data on everyone, the records can be cross referenced with each other to work out who associates with whom and you end up with a very detailed database about people’s lives.

GCSB access to metadata

In the Kitteridge report the GCSB revealed that they believe that “metadata was not a communication” and that they “could, on request, lawfully obtain and provide information about metadata involving New Zealanders, without the authority of a warrant...”

The current bill provides the ability for the GCSB to apply for warrants and access authorisations that can target any number of people, systems or classes of people and systems. It is clear to us that these warrants and access authorisations are designed to be as wide and open-ended as possible so that the GCSB can actively collect both communications and metadata in an ongoing fashion.

Metadata is important

We reject the idea that metadata is any less important or less worthy of protection than the content of a communication.

We further reject the idea that the GCSB should be able to collect metadata about any person who they are not actively investigating, and that this collection should only be possible subject to a properly issued and specific warrant.

No mass surveillance

We believe that the GCSB should not be creating large databases of information about New Zealander and that we should not be giving them the legal powers to do so.

The GCSB Act should be amended to make it clear that a) metadata is to be subject to the same controls and limitations as communications, b) the GCSB is not permitted to create any databases of information about New Zealanders who are not actively under investigation.

Cybersecurity

The GCSB and TICS bills combine to give the GCSB a new purpose of being responsible for the security of New Zealand’s telecommunications and data networks. (As noted earlier, the 2003 Act only gave the GCSB responsibilities for securing government communications.) This is a major expansion of the GCSB’s purpose.

No spying for our protection

To do this the GCSB asserts it needs wide powers to spy on New Zealanders in order to “see who is being attacked” (wording from para 36 of the RIS). This is the same type of thinking that would argue for a police camera in every home to see who is being burgled. It is a pathetically transparent justification to get legal clearance to continue spying on New Zealanders.

We reject the idea that we need the GCSB to spy on us for our own protection.

GCSB not the right agency to do cybersecurity

The GCSB is not the right agency to be responsible for cyber security. It will be difficult to trust an agency that has the dual roles of both spying on systems while ensuring that they are protected from others.
This is especially true given that the GCSB has a long history of working with and sharing information with intelligence agencies in other countries such as the US who appear to be actively spying on the communications of New Zealanders.

The level of oversight and control given to the GCSB in this new role will also make others reluctant to trust New Zealand telecommunications infrastructure. For example, will companies that trade with New Zealand be willing to use New Zealand hosted services such as Xero, knowing that the GCSB will be able to get at their financial records?

No GCSB spying on New Zealanders

We support the clear intentions of the GCSB Act (2003) in that the GCSB should not be spying on New Zealand citizens and permanent residents. We note that the only assistance that the GCSB could give to other agencies in the original act was to help them secure their own systems and communications.

The GCSB’s main purpose has always been spying on our neighbours in the Pacific and sharing the information received with our intelligence allies. We believe that bolting on this ability to assist the Police, SIS and Defence Force is inappropriate and will weaken the clarity of purpose of the GCSB.

This lack of clarity of purpose can be seen in the recent Kim Dotcom/Megaupload case where it appears that the GCSB got involved in spying on people who were merely being accused of providing tools to allow people to breach copyright.

The tools and mentality used to do this kind of work is very different from that used by the Police and SIS in protecting New Zealand and New Zealanders from threats. Technically the types of investigations undertaken by the Police and SIS target people who have drawn their attention in some way, whereas the GCSB tends to trawl everything looking for information.

We further believe that the SIS and Police should well be able to develop their own technical capabilities and can then operate them in accordance with the rules and controls that they are used to working under. The need for highly technically skilled police staff and resources will grow quickly, so must be addressed appropriately by the agencies responsible. Using a NZ spy agency instead is insufficient and inappropriate, and opens up the police work undertaken to disrepute.

Insufficient oversight

Recent events have shown that oversight of the GCSB has been failing. The current oversight regime relies on the Minister and the Inspector-General of Intelligence both doing their job but clearly illegal behaviour has been ignored, issues have not been followed up, and the Minister has been shown to be ignorant of what has been happening within the bureau.

This bill makes some minor changes to the powers of the Inspector-General but we are still being asked to rely on an oversight model that has already shown that it is not fit for purpose. We note that both the Inspector-General of Intelligence and the Commissioner of Security Warrants are both appointed by the very Minister that is the only other significant check on the GCSB.

The GCSB has major powers of intrusion into the lives of New Zealanders. This bill in combination with the TICS bill greatly expands the powers of the GCSB and their scope of operations. These invasive powers need oversight that is not only effective but can be trusted.

We need an expanded and significantly better system of oversight that doesn’t rely on one politician and their direct appointees. This bill does not provide it.

Conclusions

Civil liberties

When considering any bill with as much impact on civil liberties as this one, there are a number of questions that need to be answered:

Is this bill necessary? We do not believe that the Government has presented any credible argument for the GCSB to have these powers to spy on us. The last person killed by terrorists in New Zealand died nearly 30 years ago. While cybercrime is annoying for those who suffer from it, even the most excitable claims about the total cost are low compared to other forms of crime in New Zealand.

Are these measures proportional? The creation of a mass surveillance state with government agencies that collect data about us and analyse it is a major step in changing the nature of our society. People act differently when they are being watched and there is a chilling effect on freedom of expression. The government has failed to show that these losses are proportional to any perceived benefit we will get from giving up our privacy in this way.

Are the powers granted the minimum required? Any surveillance should be limited to the minimum required to address the immediate requirement. This would normally mean targeting a person or group of people after it has been shown that there is a reasonable requirements to do so. This bill fails to do so by enabling mass surveillance regardless of reasonable suspicion.

Is there appropriate transparency? The bill does not provide enough reporting about what the GCSB is doing and to the extent it is doing it. A simple accounting of the number of interception warrants and access authorisations does not provide sufficient insight into the activities of the GCSB.

Is there proper oversight? All oversight in the GCSB bill is provided by the Minister for the GCSB and two functionaries appointed by that same minister, an arrangement that has already been demonstrated to be inadequate. There is no judicial oversight, no independent auditor or board of trusted citizens to review these decisions.

Throw this bill out and start again

We believe that this bill is a serious threat to New Zealand’s democracy. It enables the GCSB to engage in mass surveillance of the New Zealand people in a matter more fitting to East Germany or China.

The GCSB might argue that they need these powers to protect us - but we believe those decisions are up to the people of New Zealand. We reject their claims and find their proposed solution to be an unacceptable overreach.

We have not provided a list of individual improvements that can be applied to this bill as we believe the entire bill needs to be thrown out and the process started again, along with the Telecommunications Interception Capability and Security Bill.

We recommend:

  • A general review of New Zealand’s intelligence organisations, domestic and foreign. This should focus on establishing our needs before deciding on what agencies and laws we need.
  • Establishing an independent cyber-security organisation with a coordinating and consultative role rather than intrusive and coercive.
  • Providing sufficient resources to the Police and SIS to enable them to do their own technical work without relying on the spy powers of the GCSB.
  • Banning our surveillance agencies from doing mass surveillance of innocent people.
  • Accepting that metadata (or ‘associated call data’) is as important to privacy as the content of communications and providing it with the same protection.
  • Establishing independent and effective oversight of surveillance carried out by all of New Zealand’s agencies with surveillance powers.
  • Applying the same standards that we apply to data collection about New Zealanders to information received from foreign countries about New Zealanders.
  • Setting strict limits on what data about New Zealanders can be shared with overseas agencies.

About Thomas Beagle

Co-founder and spokesperson for Tech Liberty
Comments (5) Trackbacks (0)
  1. Wikipedia says: On 24 September 2012 Prime Minister John Key revealed that, at the request of the police, the New Zealand Government Communications Security Bureau (GCSB) had spied on Dotcom, illegally helping police to locate him and monitor his communications in the weeks prior to the raid on his house. The GCSB is not allowed to spy on New Zealand citizens and Dotcom had been granted permanent residency. Three days later, the Prime Minister John Key apologized for the illegal spying. “I apologize to Mr Dotcom. I apologize to New Zealanders because every New Zealander…is entitled to be protected from the law when it comes to the GCSB Government Communications Security Bureau, and we failed to provide that appropriate protection for him.” In December 2012, Chief High Court judge ordered the GCSB to “confirm all entities” to which it gave information sourced through its illegal spying. This opened the door for Dotcom to sue for damages – against the spy agency and the police. The Crown (Government) appealed but in March 2013, the Court of Appeal upheld the High Court’s decision.

    We see that the Fake Apology of the Dishonorable Prime Minister of New Zealand, not only to Kim Dotcom, but to All New Zealanders was not a Genuine Apology, because we see the Criminal and Dictatorial Conspiracy to Introduce Retrospective Legislation under the Guise of Parliamentary Democracy.

    The New Zealand Government wants Retrospective Legislation which is the Unprincipled Methods of Dictators to make past Illegal Activity by the Government Legal, and to make past Legal Activity both Illegal and Prosecutable, and this is the First Step towards a Dictatorship for New Zealand, which will maintain a Facade of Democracy.

    This Facade and Mockery of Democracy will have Rigged Elections, where the same Old Undemocratic Corrupt Politicians are Reelected, along with a Corrupt and Lying Mainstream Media that is Bribed, along with a Puppet Supreme Court, which Acts as a Rubber Stamp for the Dictators.

    Prime Minister of New Zealand John Key argues that the bill simply clarifies what the GCSB already does, and said: “I do not believe it expands the mandate of the GCSB; I think what it does do is clarifies fully in the law what has been the historical behaviour of GCSB under what they believed was their legal authority. And the bottom line is, that because of difficulties in interpretation in the law, we need to clarify that law, but this is something that has been going on for a very long period of time under previous governments.”

    We can see that the High Court and the Court of Appeals have both found that the Government Acted Illegally, and the Prime Minister of New Zealand wants to Introduce the Dictatorial Retrospective Legislation, to clarify fully in the law what has been the historical behaviour of GCSB under what they believed was their legal authority.

    The GSCB knew they were breaking the Law, and the Dictator John Key who is posing as a Prime Minister in the Guise of a Parliamentary Democracy, wants to create New Zealand as a Military Dictatorship.

    The Whistleblower Edward Snowden, saw that not only was the American Constitution being Violated, but that Employees of the NSA Spy Agency were recording Private Conversations, Private Intimate Emails, and Private Webcam Material of a Sexual Nature, along with Recording Conversations at the Paid Dirty Chat Companies, and then Masturbating over these, and this is why the American Government, which belongs in Guantanamo Bay Desperately wants to Persecute him.

    Edward Snowden is understandably too afraid to admit it, because he has family to consider.

    Officially, there are only 1.5 million CIA and NSA and other Categories of employees who can spy on almost anyone in America, with Female Employees wanting to spy on friends and neighbors, and Male Employees also wanting to do this.

    We know that Hitler built his Dictatorship using the Gestapo and other Government ‘Public Servants’, but they did not have the Technology that Anglo-America has.

    We know that there is a Culture of Corruption within the Police and other Public Services, and with the Mainstream Media, and they all have the Dirt on each other, and there is Culture of Silence and Cover Up with these Influential People.

  2. There is one Principle in Law, and that is that Ignorance of the Law is no Excuse.

    The Fact of the Matter is that the Law has been Violated by the New Zealand Spy Agency, and the Court will take into Account, whether the Spy Agency Acted in Ignorance, when Determining the Penalty.

    It is a Lie by the Dictator JOHN Key who poses as New Zealand’s Prime Minister to say that the Spy Agency believed they Acted in Accordance with the Law.

    The Dishonorable Prime Minister of New Zealand Key Falsely Claims that the bill simply clarifies what the GCSB already does, and the Prime Minister John Key said: “I do not believe it expands the mandate of the GCSB; I think what it does do is clarifies fully in the law what has been the historical behaviour of GCSB under what they believed was their legal authority. And the bottom line is, that because of difficulties in interpretation in the law, we need to clarify that law, but this is something that has been going on for a very long period of time under previous governments.”

    The High Court of New Zealand and the Court of Appeals have both found that the Government and the Spy Agency Acted Illegally, and the Prime Minister of New Zealand wants to Introduce the Dictatorial Retrospective Legislation, to Cover Up the Criminal Activities of both the Prime Minister and the Spy Agency.

    We know how the Director of the American Federal Bureau of Investigation JOHN Edgar Hoover, discovered the Dirty Secrets of Politicians, and Blackmailed them, and JOHN Edgar Hoover became the Shadow Government of America, and New Zealand Voters are Wondering if JOHN Key and others are being Blackmailed, and if so, then certain Leaders of Political Parties may become Unelectable.

    We know that JOHN Edgar Hoover was a homosexual, and he was able to Blackmail American Politicians who he had Filmed engaging in Acts of Bestiality, Homosexuality, Marital Infidelity, and Pedophilia, and today’s cameras are much smaller and far superior, as is the ways of secretly listening on others, and People should reasarch this Technology on the Internet.

    The Dishonorable former Prime Minister of Italy Silvio Berlusconi has been Sentenced to 7 years imprisonment for having sex with a Minor, and People think that technically under the Law, that it was an Act of Pedophilia.

    Once the Spy Agencies write the Legislation for a Country, rather than having a Proper Public Debate, then they will become the Shadow Government, even taking Bribes from America, and that will not be good for New Zealand.

    The Spy Agencies can easily create an Event, or they can Fake it, like they did with the Sandy Hook Hoax, the Boston Marathon Bombing Haox, and the Woolwich Hoax, and please examine the evidence before you belive the Lies of the Bribed and Corrupt Puppet Media who may also be Blackmailed at http://www.youtube.com/playlist?list=PL5WdALk2_ZNQKZYrxctoOI349mDBy1w91 , http://www.youtube.com/playlist?list=PL5WdALk2_ZNRwoel2GmqniInB0VLF70b2 , http://www.youtube.com/playlist?list=PL5WdALk2_ZNRqrnbtWFlU7UfA87ib8iDJ , and http://www.youtube.com/user/bendavvis .

    New Zealand is in Real Danger of losing its Democracy, its Freedoms, and its Liberties, and Many Voters believe that an immediate Election should be held as soon as possible to Restore Democracy Back to New Zealand.

    The Prime Minister of New Zealand, and the New Zealand Spy Agency knew they were Deliberately and Willfully breaking the Law.

    Dictator JOHN Key who is posing as a Prime Minister in the Guise of a Parliamentary Democracy, wants to make New Zealand into a Police State, and then as a Military Dictatorship that takes orders from America, and this Matter of Definite Public Importance should discuss this on Talk Back Radio, because the Price of Freedom and Liberty is Eternal Vigilance.

  3. There is one Fundamental Principle of a Democracy that Practices the Rule of Law, and that is Equality before the Law.

    We know that the Democratically Elected Government makes the Laws; however, what we see in New Zealand is an Attempt to have One Law for US, and Another Law for them.

    This does happen with certain People being Prosecuted for Violations of the Law, and others have Immunity from Prosecution for the same Violations of the Law.

    The other Method is to use the Unprincipled Methods of Dictators and Propose Retrospective Legislation, as the Prime Minister of New Zealand John Key is proposing.

    It is one thing to put Suggestions up for how the Spy Agency will work in the Future, and to then put them up for Public Debate and for a Parliamentary Committee to examine, and then to a Vote of the Parliament.

    However, it is an Entirely Different Matter to Propose Retrospective Legislation that will make the past Illegal Criminal Activities of the New Zealand Government and their Spy Agency Immune from Prosecution, thus making it One Law for US, and Another Law for them.

    Does the New Zealand Government intend to Introduce Retrospective Legislation to give all Convicted Tax Cheats their Money Back with Compensation?

    The Deceptive Prime Minister of New Zealand John Key, Falsely Claims that the bill simply clarifies what his Spy Agency already does, and the Prime Minister John Key said: “I do not believe it expands the mandate of the GCSB; I think what it does do is clarifies fully in the law what has been the historical behavior of GCSB under what they believed was their legal authority. And the bottom line is, that because of difficulties in interpretation in the law, we need to clarify that law, but this is something that has been going on for a very long period of time under previous governments.”

    The Existing Legislation CLARIFIES This, otherwise the Prime Minister is saying that Successive Governments have been Too Stupid or Too Incompetent to write Legislation, and so all Members of the New Zealand Parliament who were in Government with that Legislation are Unelectable, because they all did not know what they were doing with the Spy Agency Legislation, or that they were Blackmailed by a Shadow Government, or a Foreign Government!

    The Government of New Zealand should realize is that Retrospective Legislation is Simply Unacceptable, and High Inappropriate to any Democracy.

    All New Zealand Parliamentarians know what occurred and that is on the Record of which Wikipedia says: On 24 September 2012 Prime Minister John Key revealed that, at the request of the police, the New Zealand Government Communications Security Bureau (GCSB) had spied on Dotcom, illegally helping police to locate him and monitor his communications in the weeks prior to the raid on his house. The GCSB is not allowed to spy on New Zealand citizens and Dotcom had been granted permanent residency. Three days later, the Prime Minister John Key apologized for the illegal spying. “I apologize to Mr Dotcom. I apologize to New Zealanders because every New Zealander…is entitled to be protected from the law when it comes to the GCSB Government Communications Security Bureau, and we failed to provide that appropriate protection for him.” In December 2012, Chief High Court judge ordered the GCSB to “confirm all entities” to which it gave information sourced through its illegal spying. This opened the door for Dotcom to sue for damages – against the spy agency and the police. The Crown (Government) appealed but in March 2013, the Court of Appeal upheld the High Court’s decision.

    We see that the Fake Apology of the Prime Minister of New Zealand, not only to Kim Dotcom, but to All New Zealanders was not a Genuine Apology, because we see the Criminally Motivated and Dictatorial Conspiracy to Introduce Retrospective Legislation under the Guise of Parliamentary Democracy, and ‘CLARITY’.

    There is One Thing that Retrospective Legislation CLARIFIES, and that is that a Claimed Democracy is Not a Democracy, and that there Exists One Law for US, and Another Law for them.

    The New Zealand Government wants Retrospective Legislation which is the Unprincipled Methods of Dictators to make past Illegal Activity by the Government Legal, and to make past Legal Activity both Illegal and Prosecutable, and this is the First Step towards a Surveillance State (SS) that leads to a Dictatorship for New Zealand, which will maintain a Facade of Democracy if Retrospective Legislation is contemplated.

    This is why Many Citizens of New Zealand want the Principles of Equality before the Law, the Rule of Law, along with Accepted Democratic Practice to be Respected with regards to any possible amendments to the existing Legislation for how the Spying Agency should work in a Proper Manner, with sufficient Safeguards to ensure Parliamentary Accountability, and Respect the Principle of Equality before the Law.

  4. Thanks for your submission, Tech Liberty. Not 100% sure that ‘journalist’ above is really on your side.


Leave a comment


 

Trackbacks are disabled.