Does the TICS Bill really give the GCSB control and oversight of NZ telecommunications?
After our recent article looking at the TICS (Telecommunications Interception Capability & Security Bill), we were contacted by Brad Ward, the Programme Manager of the Telecommunication Review at the Ministry of Business, Innovation and Employment (MoBIE).
He had some issues with what we wrote, and in particular he rejected our claim that the bill gave the GCSB sweeping new powers of oversight and control over NZ telecommunictions networks, writing that (emphasis added):
The new formal framework for network security does not give “sweeping powers of oversight and control” to the GCSB, and it does not give the GCSB “final control of network design and operation.”
The GCSB already works in partnership with network operators on network security issues, to agree on measures that are proportionate and risk-based. The Bill will formalise and build on this existing approach.
The Bill emphasises that network operators and the GCSB are to work cooperatively and collaboratively on identifying and addressing network security risks.
In the event that the network operator and the GCSB are unable to agree, the Bill establishes a Ministerial direction power that can be used where significant national security concerns are involved, and as a last resort. This Ministerial power relates to network security issues.
The GCSB would apply to the Minister responsible for the GCSB to direct a network operator to take specific steps to prevent, mitigate or remove the security risk.
The Minister can receive any submissions on this directly from the network operator, and is required to consult with the Minister for Communications and Information Technology and the Minister of Trade.
When exercising the direction power, the Minister is required to take into account the principle that the direction should be proportionate to the network security risk. This means considering whether costs would be higher than reasonably required to address the risk, and whether there would be undue harm to competition or innovation in telecommunications markets.
Looking at the law
Firstly, while it is nice that the Bill suggests that network operators should work in partnership with the GCSB over security, the reality is that there is no choice. Let's quote section 45(1):
A network operator must engage with the Director as soon as practicable after becoming aware of any network security risk, or proposed decision, course of action, or change that may raise a network security risk.
A network security risk is defined as: "any actual or potential security risk arising from (a) the design, build, or operation of a public telecommunications network; or (b) any interconnection to or between public telecommunications networks in New Zealand or with telecommunications networks overseas".
Further more in section 47(1) (edited for clarity/length), "a network operator must notify the Director of any proposed decision, course of action, or change made by or on behalf of the network operator regarding procurement of..., changes to..., and ownership control... of anything that falls within an area of specified security interest."
This applies to areas of specified security interest which are defined in section 45(1) as (slightly edited for clarity) "network operations centres, lawful intercept equipment, any part of a public telecommunications network that manages or stores aggregated customer information or administration authentication credentials, and any place in a network where data aggregates in large volumes being either data in transit or stored data".
The compliance process
So, what happens after this engagement/notification if the GCSB thinks it would raise a network security risk? Sections 49 to 54 have the process:
- Director of the GCSB notifies the network operator and then again in writing in s49(1)(a) and s49(2)
- Network operator must immediately stop work. s49(1)(b)
- Network operator can propose an alternative. a49(3)
- GCSB considers the network operator's proposed alternative and possibly accepts it. s50(1) and s50(2)
- Network operator must implement the response. s51
- If the GCSB is not happy with the proposal it may refer the matter to the Minister (the Prime Minister normally has responsibility for the GCSB) to make a direction. s52
- Network operator may choose to make a submission to the Minister. s53(2)(b)
- The Minister must consult with the Minister for Communications & Information technology and the Minister of Trade. s54(3)
- The Minister may direct the network operator to either cease/refrain from an activity or make changes to or remove any system or operation on the network. s54(2)
- If the network operator refuses to comply with an s54 Ministerial direction, this is treated as serious non-compliance. s82(b)
- The GCSB can servce an enforcement notice on the network operator. s85(2)
- The GCSB can apply to the High Court for a court order. s86(1)
- The High Court can make an order (subject to normal apeals). s87
- The High Court can make the network operator pay a fine of up to $500,000 and/or $50,000 per day of continuing non-compliance. s92 and s93
In other words, the Bill may suggest that the GCSB and network operators should cooperate, but the content of the law and the procedure I have just outlined makes it very clear to everyone involved where the power really lies. Indeed, the expectation that network operators will do what they're told is so clear that we wouldn't expect any fines to be issued because there won't be a lot of point fighting any directions from the GCSB.
But it's only security issues!
Now one might claim as Brad Ward has that "This Ministerial power relates to network security issues."
However when it comes to network design and operation, everything has an impact on network security. What you buy, what systems they run, who you buy them from, how they get delivered to you, where they're installed, how they're configured, who you've employed, how well they're trained, etc, etc, etc - network security is not one attribute but is a product of the system as whole.
Conclusion
We stand by our original statement that the TICS Bill as written will give the GCSB sweeping powers of oversight and control over New Zealand telecommunications networks.
One final point of interest is - why is a government bureaucrat trying to deny this is the case? Does the Bill as written not reflect the intention of the people who wrote it, or is this a case of the government trying to pull the wool over people's eyes?
Govt proposes GCSB control over NZ communications in new TICS Bill
The government has announced two new Bills for reforming the GCSB and expanding their powers. The first is the GCSB and Related Legislation Amendment Bill (PDF) and the second is the Telecommunications (Interception Capability and Security) Bill (PDF).
This article is a summary of the major parts of the TICS Bill.
The TICS Bill is a replacement for the Telecommunications (Interception Capability) Act 2004. This law forced communications providers (ISPs, telcos, data networks, etc) to provide "lawful intercept" capabilities so that the Police, SIS and GCSB could access communications once they had a suitable warrant. The new bill expands and clarifies these requirements.
However, the addition of the word "security" is the key to what has changed. The new bill now gives the GCSB sweeping powers of oversight and control over the design, deployment and operation of all data and telecommunications networks run by network providers in New Zealand. The stated reasons are to both protect New Zealand's infrastructure and to ensure that surveillance agencies can spy on traffic when required. As part of this, the GCSB will have the power to stop network providers from reselling overseas services that do not provide these capabilities.
Summary of major elements of the TICS Bill
Interception
From the Bill:
A network operator must ensure that every public telecommunications network that the operator owns, controls, or operates, and every telecommunications service that the operator provides in New Zealand, has full interception capability.
Note that the surveillance agencies still need to have a legally issued warrant (under the Search & Surveillance Act, NZ SIS Act, or GCSB Act) to actually intercept any communications and there are obligations to avoid capturing communications that are not covered by the warrant.
The new Bill splits communications providers into multiple classes, with small, wholesale and infrastructure providers having reduced obligations. Providers must either have a full intercept capability, to be "intercept ready", or to be "intercept accessible". Membership of these classes can be varied by direction of the Minister.
The Bill specifies that the law applies to companies whether based in New Zealand or overseas. It then goes on to give the Minister the power to ban the resale of an off-shore telecommunications service in New Zealand if it does not provide interception capabilities. This could stop the resale of foreign-hosted VPNs, instant message services, email, etc.
Finally, there is more detail about how intercepted data should be formatted and delivered (apparently this has caused problems under the existing law).
Encryption and decryption
Network operators must decrypt the intercepted communications if they have provided the encryption, but there is no obligation to do so if the encryption is provided by others.
What does this mean for providers such as Mega (file locker) or LastPass (password storage) who have a business model based on the fact that they supply a cloud product that uses encryption but have deliberately designed it so that they can not decrypt the files themselves? This gives users the assurance that they can trust them with their data. Will the government close them down unless they provide a backdoor into the system?
Network security
There is a major new role for the GCSB in overseeing the design and operation of commercially available data and voice communications networks.
The Bill says that network providers and the GCSB are to work co-operatively and collaboratively on identifying and addressing network risks. If they fail to cooperate sufficiently, the law provides for penalties of up to $500,000 with an additional $50,000 per day.
Network operators must notify the GCSB of any proposed decision, course of action or changes made by them in regards to purchases, network changes or ownership/control of the "specified security interest". This includes their network operations centre (NOC), lawful intercept equipment, customer databases, databases of user accounts, and "any place where data aggregates in large volumes".
The GCSB can also demand any other information about the security and interception capabilities of the network including copies of contracts, specifications, and so on. That the information is commercially sensitive or held in confidence is not a defense.
Compliance
All network operators will have to register themselves with the government. The register will be administered by the Police and available to the Police, SIS and GCSB.
The register will include the numbers of customers, names of responsible contact people within the organisation, the regions they operate in and the types of services they provide. Providers of infrastructure services (e.g. companies that provide fibre links but not the equipment for communicating over those links) will also have to give the names of their customers to the register. There are penalties for non-compliance.
The government can insist that communications providers must obtain secret-level security clearances for some of their staff. It does not say what will happen if none of the technical staff qualify for a security clearance.
Liability and protecting classified information
People who do any act in good faith under the new law will be protected from subsequent prosecution or lawsuits. i.e. the new law is superior to other NZ laws or existing contracts.
There is also a provision that allows the courts to receive classified information in a court case in the absence of the defendant or the defendant's lawyer. This applies to information that might reveal details of the interception methods used by the surveillance agency or is about particular operations in relation to any of the functions of the surveillance agency, or is provided as secret information from the surveillance agencies of another country. It can also be used if that disclosure would prejudice security of NZ, prejudice the maintenance of law, or endanger the safety of any person. The judge in the case can appoint someone with an appropriate security clearance to represent the interests of the defendant for these parts of the trial.
Analysis and comment
The new TICS Bill is a major expansion of government power over the internet and other communications networks in New Zealand. While the existing TICA Act already mandated the provision of lawful intercept capabilities, handing over final control of network design and operation to the GCSB in the name of "security" seems incredibly wide and open ended.
Adding an additional level of government bureaucracy to the design and operation of these systems would appear to be a fairly significant hindrance to the ability of network operators to run their businesses.
There also must be concern about the GCSB being able to ban the resale of any services that do not provide lawful intercept capability. This means that New Zealanders will be prevented from protecting their communications from the New Zealand government - but equally they will be prevented from protecting their communications from foreign governments too. (We can safely assume that a foreign service that gives access to the NZ govt will also provide it to others.) These rules could wipe out businesses such as file lockers and password stores that rely on providing secure storage to their users.
One must ask where the justification for this expansion of power is coming from. Has New Zealand already been materially affected by attacks on our communications infrastructure? It seems clear that while the GCSB may not be that competent at exercising the powers they already have, they have done a fine job of convincing the government that they can handle a lot more.
There are many other parts of concern and there will need to be more analysis of the interception capabilities in conjunction with the new GCSB bill. One that does stick out as particularly offensive to civil liberties are the provisions for convicting people based on secret evidence. How can you defend yourself fairly when you can't even find out the evidence presented against you?
We will be doing further work on analysing this bill and would welcome contributions, particularly from those within the industry who already have experience working with TICA requirements.
Anti cyber-bullying proposal marches on
A cabinet paper (PDF) shows that the Government has accepted most of the Law Commission's proposals to control and punish cyber-bullying and other 'digital harms'. This includes:
- Clarification of existing laws such as the Harassment Act to explicitly say that they apply to modern communications technology.
- Establishment of an agency (probably NetSafe) that will provide non-coercive mediation of online issues.
- More encouragement of anti-bullying measures in schools.
- New criminal offences for "using a communications device with the intention to cause harm" and "incitement to suicide".
- Establishment of a new regime with wide ranging censorship powers for controlling online speech, including new tighter standards for what speech is acceptable online.
One significant change is that the paper rejects the establishment of a separate Communications Tribunal (staffed by District Court judges with specialist knowledge in this area) in favour of passing it to the District Court as a whole. This would seem a step backwards in many ways as we question whether the average District Court judge is up to the task of understanding the technology involved.
Our response
Read our response to the Law Commission's original proposals: What's Wrong with the Communications (New Media) Bill and can it be fixed?
Many of these problems remain in the current proposal.
From a civil liberties point of view, the most serious concerns are around the idea that online speech should be held to a different and significantly higher standard than offline speech, a position we strongly object to. There is also a concern around why harming someone via online communication is seen as so much worse than other forms - it would make more sense to us to concentrate on the extent of the harm caused, not the means by which it was delivered.
From a purely practical point of view, when we consider the wide-ranging use of anonymity and foreign services on the internet, combined with the speed at which many situations blow up online, we still question how much good these proposals will be able to do.
Other Reactions
Our page listing reactions to the initial report.
No Right Turn reports that the proposal is the return of the offence of criminal libel:
Back in the dark ages, when spousal rape was legal and homosexuality was a crime, there was a criminal offence in this country of "criminal libel". Publishing material "designed to insult any person or likely to injure his reputation by exposing him to hatred, contempt and ridicule" wasn't just a matter for defamation lawyers; it was a crime punishable by two years imprisonment. The law was clearly incompatible with the Bill of Rights Act (not to mention with modern ideas about defamation being a tort), and so it was repealed in 1992. Now Judith Collins wants to bring it back - but only on the internet.
Lawyer Steven Price points out some of the hurdles you'll have to get over to actually use the new new censorship regime and then questions the wisdom of handing over decision making around some complex technical and Bill of Rights issues to the next District Court judge off the bench.
Blogger David Farrar generally favours the proposal but questions the communications principles.
InternetNZ points out that the proposal has some worrying flaws.
Do New Zealanders want web-based email services to be subject to take-down orders? Do people understand that such orders, as outlined in the Cabinet paper, could be based on lower legal standards than is the case today – and could be imposed on people without them being part of the Court’s proceedings?
Vikram Kumar worries that the proposals will cause collateral damage to the NZ internet.
NZ Herald editorial in favour.
RIANZ withdraws again and copyright notices insufficient
Three brief items about the Copyright Act and the Copyright Tribunal:
1. RIANZ withdraws from another defended hearing
Another defended hearing was scheduled to go to the Copyright Tribunal this month but RIANZ has withdrawn the complaint (info from phone call to Copyright Tribunal). No further details of the case are known, so was it another fatally flawed case like the first withdrawn case or is RIANZ just not prepared to fly down to Christchurch to appear before the Tribunal?
2. Second Copyright Tribunal Decision
A second decision has been made with the Copyright Tribunal ordering a 50 year old father to pay $557 to RIANZ for sharing two songs (one twice). As in the last judgement, the evidence would appear to show that the defendant did not really understand the process nor what they had been accused of - rather it seems likely that their 8 and 12 year old sons might have done it. There is also evidence to show that they didn't understand the first two notices they received enough to be able to take action to prevent the third enforcement notice.
3. Copyright Act working as intended - kind of
Finally we come to a case where the Copyright Act did work as intended - but only after the intervention of Tech Liberty. We received a communication from someone who had received an initial detection notice.
Just got this and as a 52 year old single mum I can't understand what they mean about that the alleged infringed song has been communicated to the public? Is the infringement about the song being downloaded of shared publicly or both? I'm horribly confused. My teenage daughter says she can't stand the song and I don't even know the song. Perhaps my older 2 adult children or my boarders have done this? Any advice would be very much appreciated.
Her confusion is quite understandable when you look at the notice (identifying details removed):
Notice Number: xxxxxxxxx
Infringement Notice Date: xxxxxx
Notice Type: Detection Notice
Infringing IP Address: xxx.xxx.xxx.xxx
Infringing Date: xx/xx/xx
Name of the file: Chris Brown - Beautiful People.mp3
Unique identity of the file:
Copyright Owner: Sony Music Entertainment Incorporated
Type of Copyright Work: Sound recording (14(1)(b))
Restricted Act: Copyright has been infringed by this account holder communicating the work to the public (16(1)(f))
File Sharing Application: Azureus 4.5.0.4
What is this meant to mean to someone who doesn't understand what file sharing is? The information included by Slingshot may have explained the law but made a very poor effort at explaining what she was accused of. We rewrote it for her:
They're saying that someone at your house has installed a piece of software called Azureus (also called Vuze) and they've used that to download a song called Beautiful People by Chris Brown. The Azureus software not only downloads the song, it also uploads it to other people who want it (this is why it's called peer to peer file sharing). Sony/RIANZ have detected this upload and have made a complaint to Slingshot who have passed it on to you.
The response came quickly:
Thank you so much for getting back to me and for taking the time and all the information, very much appreciated. :) I have found out that one of my son's friends has done this and he says he won't do it again. He is a good family friend so thats fine. I will get the guys to delete the Azurus or Vuse and to check for any other peer to peer programs.
Surely a good outcome for RIANZ with a junior copyright infringer stopped after the first warning.
But it seems that the current format of the notices is not good enough. Non-technical people don't understand what they're accused of and have no idea what they should do to stop it happening again. And, after all, it's often the non-technical people who are the account holders while someone else sharing the same account may be the one doing the infringing.
It seems clear from these first few cases that the notices need to be improved so that they do a better job of explaining both the accusation and what they need to do to stop it happening again.
First Copyright Tribunal case demonstrates flaws in the law
The first decision from the Copyright Tribunal has now been announced and RIANZ has been successful in getting a penalty of $616.57 awarded to them. Read the text of the decision linked from this NBR article.
Facts of the Case
The respondent admits to downloading one of the tracks using uTorrent but seems confused as to how she could have received two notices for downloading it twice (she's actually been accused of uploading it). She also acknowledges that she was in the wrong and goes on to say that she had deleted the track and removed the software from her computer.
The respondent also denies having downloaded the second track and says that she also doesn't think anyone else in her household would have done it.
The decision
The respondent has been ordered to pay $616.57 to RIANZ (the applicant) calculated as:
- $6.57 as the cost of buying the three tracks on iTunes.
- $50 towards the $75 cost of the three notices.
- $200 to reimburse the Copyright Tribunal fee.
- $360 ($120 per track) as a deterrent.
Commentary
The respondent's perspective
From reading the quotes from the respondent's submission, as far as they're concerned they got penalised $616.57 for downloading a single song. (They got two notices for that song because it was being uploaded as well, and they deny ever downloading or sharing the song mentioned in the final notice.)
Anonymity
The Copyright Tribunal does not publish the name of the respondent accused of copyright infringement. This will be a relief to the other 11 people waiting for their decisions.
Ignorance about filesharing
It seems clear from the quoted part of the respondent's submission that they have no real idea about how file sharing via bittorrent works. RIANZ and the Tribunal both also seem somewhat blind to the reality that a default uTorrent installation will set itselt to automatically restart whenever the computer is restarted, and will thus keep sharing until stopped.
Can't prove a negative
The Tribunal basically ignores the respondent denying that they downloaded the second track, saying that the law presumes that the notices are correct and that the respondent must show evidence that this is not true. The great difficulty involved in trying to prove that something didn't happen is not touched on by the Tribunal.
Quality of notices
The decision includes no discussion of the quality of the notices. This is disappointing as all of the notices we have seen to date have been flawed in one or more ways.
We also note that the second notice was sent on 19th June while the third notice was sent on 30th July. This means that the infringement would have had to have occurred between the 19th of July and the 30th of July to not have occurred during the stand down period. The timing looks a bit tight but the date of the infringement is not given in the decision.
Tribunal rejects RIANZ creative maths
The Tribunal rejected RIANZ's attempt to rewrite the law by making up numbers about how many times the tracks might been uploaded and then arguing that the respondent should have to pay that many times for each track. However, the Tribunal did allow that uploading might be taken into account when calculating the deterrent penalty.
Tribunal rejects RIANZ arguments re flagrancy
RIANZ claimed that a) installing uTorrent, b) infringing over 8 months, c) repeated infringement, indicated flagrancy and therefore a heavy penalty. The Tribunal noted that these will be common to nearly all cases appearing before the Tribunal and therefore the behaviour could not be seen to be particularly flagrant.
Tribunal ignores apology and efforts to stop file sharing
While the Tribunal notes that the respondent acknowledged wrongdoing, apologised and attempted to stop file sharing (possibly being defeated by lack of technical understanding), they do not seem to acknowledge this when setting the deterrent penalty.
Deterrent penalty
The Tribunal seems to have made up the principle that the deterrent penalty should be higher than the part of the penalty concerned with reimbursement, and therefore arbitrarily adds on another $360 ($120 per infringement). There is no acknowledgement that for many people a penalty of $256 is already a significant punishment.
Do they now have a license?
The decision does not establish whether the respondent now has a license to possess the music in question after paying the cost of buying it in iTunes as part of the penalty.
Conclusion
On the face of it this decision isn't too bad. The respondent admits they copied some music and the guilty judgement has apeared with minimum fuss and legal expenses. There was no possibility of their internet connection being disconnected - although we suspect that the respondent will be very reluctant to have their name on an internet account in the future.
This decision sets a benchmark penalty of approximately $600 for a typical infringing file-sharing case appearing before the Tribunal. While low compared to the ludicrous sums awarded by US courts (e.g. US$12,500 per track award awarded against Tenenbaum for a total of US$675,000) it seems high compared to penalties for some other NZ offences. Accordingly we think that this amount is still too high for what is infringement on a very small scale with someone who admits guilt, apologises and tries to stop file sharing.
Flawed law
However, this case once again demonstrates two of the key weaknesses of the law:
- There is no way to prove your innocence. No one in New Zealand keeps the kind of detailed network logs that would be necessary to prove that you hadn't done what you were accused of. All you can do is assert that you didn't do it and the Tribunal has just shown that they will ignore this.
- The responsibility falls on the account holder, not the people using the internet to infringe copyright. In this case the respondent admitted she had downloaded the first track, apologised and had taken steps to stop it happening again. She denied downloading the third track that triggered off the penalty and suggested that someone else might have done it. Obviously we can't know if she was telling the truth, but the reality is that most internet connections are shared and this could easily happen.
These two points are going to come up again and again. It seems certain that in many cases justice will not be done, with the account holder taking the fall for sloppy detective work on the part of RIANZ and the ISP, or the actions of other people sharing their internet account (see another case involving shared internet use).
We believe the law is unjust and needs to be dropped before too many people are punished for things that they didn't do.
RIANZ withdraw one of first cases to Copyright Tribunal
The RIANZ has withdrawn one of the first three cases to go to the Copyright Tribunal. The withdrawal happened after all submissions had been made but before the formal hearing at the Tribunal.
Tech Liberty helped the defendant with her submission along with assistance from Susan Chalmers at InternetNZ and a very solid pro bono contribution from Kate Duckworth at Baldwins.
The case
The defendant was a student in a flatting situation and was the account holder for the flat's shared internet account. She has never used file sharing software and we had to explain to her what it was and how it worked. It seems likely that one of her flatmates had it installed.
The flat never received the first detection notice and they didn't really understand the second warning notice. She did show it to her flatmates and asked them to stop doing anything they were doing. They denied doing anything, so she checked to make sure that their wireless network was properly protected by a password in case they had been hacked. The third notice was a mess - addressed to the wrong person, Telecom eventually withdrew it and replaced it with another one.
Then came the notice from the Ministry of Justice that action was being taken against the account holder. The defendant was very upset and worried, and contacted her local Citizen's Advice Bureau for help, who put her on to us.
The claims
RIANZ claimed a total of $2669.25 in penalties. This was made up as follows:
- $1075.50 as the cost of the music.
- $373.75 to repay the cost of the notices and tribunal fee.
- $1250 as a deterrent.
The cost of the music was calculated as being five tracks (total number of notices) multiplied by the $2.39 cost of each track on the iTunes store. The observant may notice that this works out to $11.95 rather than $1075.50. RIANZ decided, based on some self-serving research, that each track had probably been downloaded 90 times and therefore the cost should be multipled by 90. There is no basis in the Copyright Act or Tribunal regulations for this claim.
The effects
When we met the defendant she was very worried about the case and what it would mean for her. It caused her significant distress and preparing a defence interrupted both her studies and her part time job. The thought of a $2669 penalty weighed heavily on her and her plans for the future.
She immediately cancelled the flat's internet account and her and her flatmates were from that point without an internet connection at home. Obviously this was not good for their studies, social lives or personal business (e.g. online banking).
The flatmates refused to acknowledge any responsibility or offer to pay any money towards the penalty. Relationships in the flat broke down and the defendant left the flat soon after.
The defence
The defence concentrated on three aspects:
- The unfairness of the account holder being penalised for someone elses alleged infringement.
- Technical faults with the notices (see below).
- Criticism of the outrageously high sum requested by RIANZ as a penalty.
You may note that there is no denial that the infringing had occurred. This was not because the defendant admitted doing it or even that one of her flatmates admitted it. It's because there is really no way to prove that the allegations are true or false.
The notices from Telecom had a number of technical faults, of which the main ones were:
- Telecom sent out an incorrect notice then withdrew it and sent out another. Even the corrected notice had some errors and used different infringement numbers and the whole situation was very confusing.
- The second and third notices did not specify which first and second notices they were following on from, as required by the regulations. This made working out the timelines very difficult.
- The corrected third and final enforcement notice was sent for an infringement that happened within the 28 day stand down period after the warning notice, which means it was not a valid enforcement notice.
The defendant did ask the Copyright Tribunal for a formal hearing which she intended to attend.
The withdrawal
The defendant sent a submission to the Copyright Tribunal along with her request for a formal hearing.
A couple of weeks later she received notice from the Tribunal that RIANZ had withdrawn their claim and the file was closed. We do not know why RIANZ chose to withdraw their claim.
The law is unjust and unfair
This case exemplifies just how unjust and unfair the law is.
If you are the account holder you will be responsible for the actions of anyone using the account. There is no way for non-technical people to monitor or control what their flatmates or other people sharing the internet connection are doing. Even IT professionals would struggle to do so with the normal tools available on a home network.
The provisions in the law allowing for an internet account to be cut off have been suspended for now. This was because it is becoming increasingly clear that an internet account is becoming critical for engaging in modern society. However, the effect of this law was still the same - the defendant panicked at these allegations and cancelled her account, cutting off her entire flat from the internet.
The law is meant to act as a deterrent to infringing copyright, but the way it is written it is actually an incentive. "Just use a connection that doesn't have your name on the account and they'll be be the one who is penalised!" The only deterrent is to becoming an internet account holder.
Protecting yourself
How can you protect yourself against this unfair and unjust law?
- Don't be the account holder. See if you can persuade your flatmates, family member or business to be the internet account holder so that they'll be the ones who are penalised. Of course this is just protecting yourself at the expense of someone else.
- Don't use peer to peer file-sharing software to download copyrighted material without permission of the copyright holder. Tell anyone sharing your connection not to do so either.
- If you do receive a notice, examine it very carefully to check whether it is valid. Our article about valid infringement notices might help.
- If you get a second, warning, notice, cancel your account with that ISP and switch to a new one. This will reset the count.
- If you get summonsed to the Tribunal, spend the time to write a proper submission in your defence and ask for a formal hearing.
Ultimately, the only real protection is to get the law changed.
Feel free to contact us if you have received copyright infringement notices and would like some advice or assistance.
Useful links re the Law Commission’s Digital Harms report
A summary of articles and other information about the Law Commissions Harmful Digital Communications report (PDF) and the associated Communications (New Media) Bill (PDF).
Please send any updates or other useful links and we'll incorporate them. Last updated: 10/9/2012.
Tech Liberty
- What's wrong with the Communications (New Media) Bill and can it be fixed?
- Law Commission - Harmful Digital Communications
- Powers of the Proposed Communications Tribunal
Lawyer Steven Price
Lawyer John Edwards
Stephen Bell at Computerworld
Mike O'Donnell from Trademe at Stuff
David Farrar at Kiwiblog
Chris Barton at NZ Herald
Media 3
Richard Boock at Stuff
Netsafe
- Negotiation is the new black - the "Approved Agency"
- Trolls provide motivation for greater regulation
- Workshops on the Communications Bill are worth attending
InternetNZ
Police Minister Judith Collins
What’s wrong with the Communications (New Media) Bill and can it be fixed?
The Law Commission's proposed Communications (New Media) Bill (PDF) is the result of their report on Harmful Digital Communications. They are proposing:
- The creation of a new criminal offence that targets digital communications which are "grossly offensive or of an indecent, obscene or menacing character and which cause harm". Harm is said to include physical fear, humiliation, mental and emotional distress.
- The establishment of an Agency (i.e. Netsafe) that will be able to assist and advise people suffering from unpleasant digital communications.
- The establishment of a Communications Tribunal that will be able to respond to complaints and provide "speedy, efficient and cheap access to remedies such as takeown orders and cease & desist notices."
- Amendments to the Harassment Act, Human Rights Act, Privacy Act and Crimes Act to ensure that the provisions of these laws can be applied to digital communications.
- New requirements for NZ schools to work harder at stopping bullying of all kinds.
While sympathetic to the aims, we have some serious questions about the law and the thinking that lies behind it. This article discusses some of the problems that we see, talks about ways to resolve them and asks whether the problems are too great for some parts to be worth pursuing. We have arranged our arguments thematically and finish with our conclusions and recommendations.
Powers of the proposed Communications Tribunal
The Law Commission has proposed the creation of a Communications Tribunal that will be able to respond to complaints about internet speech and provide "speedy, efficient and cheap access to remedies such as takeown orders and cease & desist notices." The Tribunal would be made up of one of a number of selected District Court judges, with the optional assistance of a technical expert where required.
We were curious to see how what powers the proposed Bill would give the Communications Tribunal and how that would compare to the other tribunals mentioned in the report.
A future article will discuss the types of complaints that the Tribunal will deal with and the principles they are to use when doing so.
What powers would this Communications Tribunal have?
Once a complaint has been made and accepted by the Tribunal, they have certain investigatory powers:
- require any person to provide any document, information or things
- require any person (including the defendant) to give evidence.
Once the Tribunal has made the decision ("...with as little formality and technicality, and as speedily as is permitted...") it can order one or more of the following:
- remove any material from any online media
- forbid anyone from republishing or encouraging others to republish the same or similar material
- demand a correction, an apology or the right of reply
- publicly identify the author of a particular communication.
If the demand to produce/give evidence or any of these orders are disobeyed it would be punishable by up to 3 months jail and/or a $5000 fine.
Compared to other tribunals
In the Ministerial Briefing, they compare the Communications Tribunal to other tribunals such as the Tenancy Tribunal, Human Rights Review Tribunal and the Disputes Tribunal.
Firstly, we note that there is a major difference between the Tenancy and Dispute Tribunals (where the tribunal is arbitrating an existing agreement between two parties) and the Communications and Human Rights Review Tribunals where there is no pre-existing agreement between the people involved. This means that we think the Human Rights Review Tribunal is a better subject for comparison.
Secondly, disobeying any orders from the other tribunals does not result in a jail sentence but rather fines of between $1500 and $5000. The ability to back its decisions with a threatened 3 month jail sentence is is a major difference in the powers of the Communications Tribunal.
Thirdly, the laws for the other tribunals are much more detailed as to how they are to perform their work. There are procedures, clarifications of who can appear and when, oath-taking, rights of appearance and notification, etc, etc. The proposed Bill is either unfinished or the Law Commission really does seem to want hearings to be a quick and dirty affair, something that may not be appropriate when talking about issues that have important Bill of Rights implications.
Fourthly, the other tribunals do have some powers to order evidence and testimony - but legally privileged information is protected and the Human Rights Review Tribunal is subject to the Evidence Act.
Is there any defence/appeal?
There is no requirement for the defendant to be heard or to have a chance to put their case forward. (Lawyer John Edwards counters this by saying that the Tribunal's requirement to comply with the principles of natural justice would require that affected parties be given an opportunity to be heard.)
The complainant can appeal a decision to an Appeal Tribunal (made up of two District Court judges).
The defendant has no opportunity to appeal any decision, nor do other possible targets of an order (the ISP, webhost or 'any other person').
Conclusion
The Communications Tribunal would have very broad powers over internet content. Breaching one of their orders will result in a serious fine of up to $5000 or jail time of up to three months. This contrasts with the report stating that it would be "protective, rather than punitive" and would "not have powers to impose criminal sanctions". If you refuse to follow the orders (possibly because you believe they are unfair, breach your freedom of expression, or because it's technically impossible) you'll find that punitive criminal sanctions quickly follow.
The Law Commission repeatedly mentions that the Tribunal should be "speedy" and "efficient" with "little formality". The proposed Bill is very light on detail when it comes to the nitty gritty of running a Tribunal - presumably with the thought that this would just slow them down. They seem to be of the view that the Tribunal must react in "internet time" without quite realising that a result in days or even hours probably won't be good enough to avoid harm to the complainant.
The cases coming before the Tribunal are not always going to be easy, with internet flamewars and inter-clique battles typically leading to bad behaviour from all of the parties that will need to be unpicked properly to make a fair decision.
This lack of process and protection for the rights of the defendant to a fair hearing (including the right to silence) will surely lead to bad decisions that fail to take into account the principles of natural justice.
Moreover, the Tribunal is dealing with a very serious matter, the right to freedom of expression as guaranteed by the NZ Bill of Rights. This is not some petty dispute over who pays for the repairs to a car or whether the oven was cleaned properly on vacating a flat. The level of formality and respect to the rights of the participants is very different between the Communications Tribunal and the more directly comparable Human Rights Review Tribunal.
We believe that, even before you consider the grounds for complaining to the Communications Tribunal and the principles it will follow to make decisions, there are some serious problems with the Tribunal as conceived by the Law Commission. The proposed remedies are too expansive, the penalties for disobeying too harsh and the unseemly haste that will go into making a decision is not appropriate.
This post has been corrected on 22/8/2012 to clarify that only the complainant, not the defendant, can appeal an order of the Tribunal.
Te Papa doesn’t know why it’s censoring the internet
We recently received a complaint from a German tourist saying that when he tried to access a couple of innocuous German political sites using the free wireless at Te Papa, a page was displayed saying that his access to those sites was blocked. Te Papa had implemented internet filtering software to control what websites people could access.
The tourist complained to Te Papa. They initially tried to fob him off, but eventually he got through to someone and those sites were removed from the filter. A good outcome, right?
Not So Simple
This incident raises a number of questions:
- Why is Te Papa filtering what people see on the internet?
- What type of content is being blocked?
- Who chooses which types of content to block?
- Finally, why are they using software that flags a German political website as "Pornography (Japanese)"?
Click on the image to see it fullsize.
Why censor internet access?
We spoke to Te Papa but they couldn't tell us why they felt the need to censor their wireless. They did know that they blocked file sharing protocols to reduce internet traffic but couldn't tell us why they were blocking some websites. We'd understand if Te Papa wanted to use some censorware on internet terminals available to children, but their filter goes far beyond that.
Are they worried that people will somehow download banned material? It's not their responsibility and it's not like they're monitoring phone calls to make sure people don't have illegal conversations.
Are they worried that people will browse offensive material (pictures/video) in a public place and annoy others? An increasing number of their guests have smartphones and "bring their own internet" and someone could as easily watch a porn DVD on a portable player. In any of these cases, it would be a simple matter of asking them to stop.
We reject the idea that internet providers (for that is what Te Papa is doing by providing free wireless) are in any way responsible for what an internet user does with that connection, in the same way that they aren't responsible if someone uses Te Papa provided water or electricity.
Te Papa's Filter
Te Papa could tell us that they are using internet filtering supplied by their internet service provider, Telstra Clear, but they had very little idea about how it works.
- They don't know why they're blocking some types of content.
- They don't know what type of content is being blocked.
- They don't know who decides what to block and what criteria they use.
- They don't really want to find out, saying that they're "happy for them [Telstra Clear] to make the decisions".
Any museum and art gallery is surely aware of issues around censorship and free speech, Te Papa itself has been involved in certain controversies about what should be shown and to who. Why has Te Papa chosen to censor the internet with so little thought about why and how? As our visiting tourist put it:
Seeing this happen at Te Papa, a flagship of the capital, tells me something about democracy and the importance of free speech and human rights in NZ.
Our view
We tend to side with the visiting German tourist - it's inappropriate for a place like Te Papa to be censoring the internet.
We suggest that worries about people accessing "bad material" over public internet are overstated. Any inappropriate behaviour (e.g. viewing internet pornography in a public place) can be solved by asking them to stop.
If an organisation decides to press on with censorship anyway, it would seem at a minimum that they should:
- Be able to tell people what sort of material is blocked and why they're doing it.
- Have a process for deciding what to block.
- Provide an easy way to appeal any incorrect blocking.
- Not use software that is as badly written as that used by Te Papa and TelstraClear.
Of course, once you look at all that, doesn't it just seem easier to let people have unconstrained internet access in the first place?
