Edited text of a speech given by Thomas Beagle at the launch of What If - "an education and action campaign working to stop data collection and sharing by the NZ State and private corporations for the purposes of social control and exploitation, and working for community control of information resources for the benefit of all".
The technocrats have a utopian view of our data driven future. As the NZ Data Futures Forum puts it, they plan to "unlock the latent value of our data assets and position us as a world leader in the trusted and inclusive use of shared data to deliver a prosperous society."
- They promise that we'll be healthier, with population wide tracking to predict and therefore prevent diseases.
- They promise that government services will be both cheaper and more effective through better targeting of those who need them.
- They promise that we'll be wealthier, with businesses able to offer new and exciting products based on our individual needs.
Indeed, is there anything that government and business couldn't do if they had enough data and some smart people to analyse it?
Now, this is going to require a lot of data. And when you're collecting a lot of data you've got to make sure that it's accurate.
One of the things that's particularly important is making sure that we have the right person. There's no point in targeting John Andrew Smith with a medical checkup when it's actually John Adam Smith whose genetic analysis shows their predisposition to a particular condition.
Wouldn't it be easier if everyone in the country had a single electronic identity, one that we could use as a digital key across all these systems to ensure that we had the right person?
And this is where RealMe comes in. It's a joint venture between the Department of Internal Affairs and NZ Post and, in their own words: "RealMe lets you easily and securely prove your identity online, plus access lots of online services with a single username and password."
The sales pitch is aimed at making it easier for the citizen consumer. Get a RealMe account and access a wide range of critical services that require strong proof of identity such as govt agencies, the health system, banks, and so on.
It's important to note that there are two sorts of RealMe accounts. You can get as many unverified accounts as you like - but if you want to use the more useful services you will need to get your account verified and your photo taken at an NZ Post shop. You're only allowed one of these.
RealMe is of particular appeal to financial institutions because of their new responsibilities to identify their customers and report suspicious transactions to the government as a result of the Anti Money Laundering and Countering Financing of Terrorism Act. Kiwibank, the BNZ and TSB Bank are using RealMe, with more expected to follow, although uptake has been slower than expected.
RealMe itself doesn't store any data about people, but it does enable two services that use it to share data if the person gives them permission. For example, if you apply for medical insurance, you can use RealMe to freely choose to give the insurer secure access to your medical records.
There's not much more to RealMe, but there doesn't have to be. It provides two vital components to enable data sharing on an ever larger scale - a key to identify a person, and a pipeline to share the data. It's an important building block in the creation of our glorious shared data future.
Issues with RealMe
Sadly, utopia is not assured. Let's look at some of the issues.
Firstly, data sharing. While the people who developed RealMe seem to have good intentions, I can't help feeling that they seem rather naïve. It's great that data sharing through the RealMe service is voluntary and done under the control of the user, but does anyone really believe that's how it's going to work?
If you want health insurance, you will be obliged to give them access to your medical records. Credit applications will demand access to your bank accounts. You could freely refuse - at the price of being turned down for what you're applying for.
And at some point I can assure you that there will be a small law change allowing the IRD full access to whatever data they want through the RealMe service.
There are other agencies that also have the power to override our privacy choices. The Police, SIS and GCSB can all legally access the information in the systems that RealMe have so kindly linked together, and we'd never know that they'd done it.
Secondly, it seems that RealMe will inevitably evolve into a de facto digital identity card; the "papers please" of the internet age. As processes move online, everyone is going to need a RealMe account and opting out will not be an option.
But there is a deeper philosophical problem with having a single verified identity. Do we actually want to use the same identity for dealing with the government, banks, Trademe, and a variety of social media sites? Will there be increasing pressure to use our 'official' identity everywhere? I see important advantages in being able to present different faces to people - to the people we work with, our parents, our children, our friends, our various communities.
And, of course, RealMe has a big future. It’s going to be available whenever the government thinks up a new reason why it needs to track us and spy on us. We don’t just have to worry about what it’s being used for now, we have to worry what will be built on it in the future.
To think of just one example, something that worries governments and businesses alike is the inability to conclusively identify who did what online. It seems possible to me that in ten years’ time we'll be obliged to connect to the internet using our RealMe identity.
With everything you do online linked back to your RealMe ID, the internet truly will be the greatest surveillance machine ever built.
However, it's when you add large scale data collection and analysis that you realise how this technocratic utopian vision can all too easily become a dystopia.
The same data that can be used to target assistance to those who need it can be used to penalise those who transgress. Has an algorithm decided you're feeding your children too much junk food? Did you spend time helping at the local community centre when you should have been looking for a job? Our data shows you were out in the car when you said you were sick last Tuesday, just how sick were you?
Citizen, justify yourself!
RealMe is just one more component of the big data transformation of our society.
I don't think that the big data juggernaut can be stopped. Every day the technology to watch, collate and analyse data is getting cheaper and more powerful. It’s the price of the modern internet and computer driven society.
And personally, I'm still enough of a utopian that I'm not even sure that we want to stop it.
But we know that people react differently when they know they're being watched. We know that people value their privacy and feel powerless when others know their secrets. Can freedom of expression survive in a surveillance state? Will dissent, so necessary in a democratic society, wither under the all seeing eye?
So while we can’t stop it, there is a very clear need to control it. To make sure that we get the benefits while not accidentally creating a society we don't want to live in.
What can we do?
However I do believe that this is possible. We can't control what foreign companies and governments do, but we can set limits on what our own government can do, and we can pass laws that control what New Zealand companies can do.
This isn't going to be easy. We do have the Privacy Act, but the technocrats have the ear of government and they've already announced plans to repeal the Privacy Act and re-enact it in a form even more friendly towards data sharing. But even then, it’s not just privacy that we’re worried about, but power and control.
To stop this trend, to set up real protections, we’re going to have to persuade our fellow New Zealanders that we need them.
We have the power to decide what sort of country we want to live in. We can reject the surveillance society and the subsequent crushing of our democracy. I hope this meeting is another step on the way to doing so.
- Can the Police also search your mobile phone or other smart device if you're arrested?
- Can the Police force you to unlock it if it is secured by a password or fingerprint?
We asked the Police and while the answers aren't as in-depth as we'd like, we thought we'd share what we got combined with our own analysis.
Firstly, if the Police can legally search you (they have a warrant, you're in the vicinity of a legal search being executed, you're suspected of being involved in certain classes of crime, etc), section 125(1)(l) of the Search & Surveillance Act explicitly allows them to search your phone or other data device.
Furthermore, section 130 of that Act can be used to compel assistance (i.e. you must unlock it) if they are doing a legal search. Note that the "no self incrimination" clause is generally understood to refer to the information used to unlock, not the information that is revealed by being unlocked.
The Police also have access to a range of tools used to access the information on such devices. In 2013 the Police Electronic Crime Group searched 1309 mobile phones and other devices. This number doesn't include any searches at the District level (stats are not recorded) or by officers on the street persuading people to let them examine their phone.
Secondly, section 88 allows the Police to do a warrantless search of someone who has been arrested if they have reasonable grounds to believe that they have a thing that may be used to harm someone, be used to escape, or may contain "evidential material relating to the offence in respect of which the arrest is made".
It would seem that this clause would allow the Police a large amount of leeway to come up with some vaguely plausible explanation as to why they need to search your digital device if you're arrested. For example, they could require the information on it to track your movements or who you communicated with before you were arrested.
From our brief analysis, supported by the information from the Police, it seems that the NZ Police can upon arrest:
- Search your mobile phone or other electronic device if they can formulate a plausible reason to do so.
- Oblige you to unlock it.
Does anyone have a counter view?
How long can the Police hold the data for?
Who can they share the data with?
What limits as to reasonableness will the judiciary impose when it comes up in court?
Written by Joy Liddicoat (member of APC and Tech Liberty), this comprehensive and perceptive summary is well worth reading by anyone who wants to know how we got here - and where we need to go.
New Zealand is a small country, with a population of less than five million, situated in the far reaches of the southern hemisphere. But its physical remoteness belies a critical role in the powerful international intelligence alliance known as the “Five Eyes”, which has been at the heart of global controversy about mass surveillance. This report outlines the remarkable story of how an international police raid for alleged copyright infringement activities ultimately became a story of illegal spying on New Zealanders, and political deals on revised surveillance laws, while precipitating proposals for a Digital Rights and Freedoms Bill and resulting in the creation of a new political party. We outline how civil society has tried to respond, and suggest action points for the future, bearing in mind that this incredible story is not yet over.
The TICS Bill (Telecommunications Interception Capability and Security), a partner to the GCSB Bill that has already been passed, is progressing through Parliament. See our round-up of articles about the Bill.
The Bill has been modified twice:
- The Bill as reported back (PDF) by the Law & Order Select Committee on 19/9/2013.
- A supplementary order paper added by the government on 15/10/2013.
The government has also provided two further documents:
- A comparison of the original 2004 TICA law and the TICS Bill (PDF).
- An infographic showing how law enforcement interacts with the interception requirements.
As reported back by the select committee
The Law & Order Select Committee made a number of minor changes to the Bill. Many of the changes are tweaks to the drafting that have no substantive effect, while others are minor technical changes to improve clarity or streamline procedures.
Even those that do attempt to make changes are fairly weak. E.g. the Director of the GCSB will now have the duty to make decisions about network security "as soon as practicable".
There are no substantive changes worth reporting.
Supplementary order paper 366
As reported in the press release from Amy Adams, the SOP makes the following changes:
- Clause 39, allowing the Minister to forbid the resale of a foreign service that doesn't allow interception, has been removed. This is a good change as the clause was basically unusable - no one really thought that the Minister was going to, for example, ban the sale of Apple products in NZ.
- The GCSB's oversight of network providers has been further cleaned up in an attempt to make it workable, and the Minister can now make regulations about the timeframes for decisions.
- The press release says "it is also proposed to narrow the scope of the matters that must be notified to the GCSB, reducing compliance costs for network operators". The words "any change" have now been replaced by "any change to the architecture", which would mean that minor changes would not have to be notified. However, the word "acquisition" has been added alongside procurement, thus extending the scope to systems that have not been through the normal procurement process (i.e. developed in-house or using free software).
- Adds an additional step before the Minister can make a direction to a network provider about how they should run their business. The Commissioner of Security Warrants will now be required to carry out their own analysis of the GCSB's risk assessment. The Minister will also have to take into account any cost or competition implications for the network provider.
- Acknowledges that some foreign-based service providers will not be able to provide assistance as required in clause 24 due to their own laws.
Tech Liberty comment
The changes to the Bill are largely tweaks designed to improve how the bill works rather than the product of any rethinking of what the government should or shouldn't be doing. Even the removal of section 39, which allowed the minister to ban the resale of foreign services, is fairly irrelevant as that part of the law was unworkable anyway.
There is no evidence that the revelations about the extent of government spying in our intelligence allies, the USA and UK, have had any impact on the TICS Bill which is still mainly concerned about making sure that all electronic communications in New Zealand can be exposed to government scrutiny.
The government is also still pressing on with their intention of giving the GCSB overarching control of New Zealand's voice and data networks. Again there have been some minor changes and shifts in emphasis, but network providers will still be obliged to get GCSB permission to expand or modify their communications infrastructure. The government claims that this is about improving security but it is also clearly about maintaining the ability of the Police, SIS and GCSB to spy on New Zealanders. How the GCSB will handle the tension between surveillance and security is yet to be seen.
One interesting element that hasn't changed is section 10(3) which obliges a network provider to decrypt a telecommunication where the network operator has provided that encryption. A number of submitters said that this was unclear - what about services such as Mega or LastPass that provide the encryption but don't have access to the key as it is chosen by the user? The clause could be read to say that this was no defence and that the network operators would have to engineer in security backdoors or risk being fined. The government's decision not to clarify this would seem to indicate that this is the intention.
We believe that changes in technology mean we need to rethink surveillance, search warrants and interception. We also fear that the cold war heritage of our security services unreasonably influences their thinking and their operations.
We support the idea of an inquiry into our intelligence services to ensure that what they do and how they do it are in the best interests of New Zealanders. We also support the idea that just because something is technically possible, it doesn't necessarily mean that we should do it. There needs to be limits on surveillance to protect important rights, such as freedom of expression and freedom of association.
We have started our own project to develop a set of suitable laws and safeguards for surveillance and spying in New Zealand. Informed by the principles at Necessary and Proportionate, we want to come up with some solutions to the hard questions that we're all being confronted with. Please contact us if you'd like to be involved in this effort.
There's been a lot of confusion in the media recently about how much the GCSB will be able to spy on New Zealanders when the GCSB Bill passes.
When even Peter Dunne gets it badly wrong in the "Ask Me Anything" article he did in the National Business Review (see q4 from Rick Shera), claiming that they could only spy on NZers on behalf of the Police/SIS/NZDF, we thought we should clear some things up by looking at the legislation.
Spying on behalf
Firstly, everyone agrees that section 8C of the Bill will allow the GCSB to spy on New Zealanders on behalf of the SIS, Police or NZ Defence Force. This is the "giving assistance" part and it appears to be limited to only doing things that the original agency would have the legal authority to do.
Recent changes include more clarity about the GCSB's assistance being subject to the originating agency's oversight (e.g. the Independent Police Complaints Authority for work performed for the Police) and requiring any new agencies to be added by legislation rather than by an Order in Council.
GCSB spying on New Zealanders
The GCSB also has the power to do its own spying on New Zealanders as part of its new cybersecurity purpose (defined in section 8A): "to do everything that is necessary or desirable to protect the security and integrity of the communications and information infrastructures".
The main interception powers are granted by section 15A and this makes it very clear that both interception warrants and access authorisations can be granted for the GCSB to spy on New Zealanders under purpose 8A (cybersecurity).
Interception warrants vs access authorisations
It's worth explaining the difference between interception warrants and access authorisations. An interception warrant (15A(1)(a)) is granted to spy on:
- one or more specific people or a class of person
- communications made in one or more specific places or classes of place
- communications sent from or to overseas
An access authorisation (15A(1)(b)) allows the GCSB to access a particular or class of "information infrastructure" which is further defined as "electromagnetic emissions, communications systems and networks, information technology systems and networks, and any communications carried on, contained in, or relating to those emissions, systems, or networks".
Therefore an interception warrant is targeted at a person or place (although the targeting can be very, very broad), whereas an access authorisation allows general access to all the information on a particular computer system, network or phone system, or a specified type of all of those systems.
The only difference between those granted for spying on foreigners and those for spying on New Zealanders, is that the ones targeting New Zealanders have to be signed off by the Commissioner of Security Warrants as well as the Prime Minister. The Commissioner is appointed by the Prime Minister.
Doesn't section 14 stop the GCSB spying on New Zealanders?
The new section 14 only stops the GCSB from spying on New Zealanders for purpose 8B (intelligence gathering and analysis). It does not apply to any surveillance done in relation to cybersecurity (purpose 8A) or done on behalf of other agencies (purpose 8C).
The new section 15C does stop the GCSB deliberately intercepting privileged communications (e.g. to your lawyer). However, see note below about incidentally gained intelligence.
Section 16 of the GCSB Act also allows certain forms of spying without a warrant or access authorisation. However, the bill adds section 16(1A) which says that this cannot be done for the purpose of intercepting the communications of New Zealanders. (See the notes below about metadata and incidentally gained intelligence.)
Putting it all together
So what does all this mean?
Most importantly it clearly shows that the GCSB can spy on New Zealanders for its own purposes without doing it on behalf of another agency.
We see that this has been deliberately set up to allow mass surveillance either now or in the future. For example, the GCSB could apply for an access authorisation for access to "New Zealand's mobile networks" and, after being signed off by the Prime Minister and the Commissioner for Security Warrants, they could then use that access authorisation to collect all phone calls, texts and data sent over the mobile networks.
This collected information could then be analysed and the resulting intelligence given to the Minister and any person, whether in New Zealand or overseas, authorised by the Minister (section 8A(c)).
In theory this activity would have to be done as part of their purpose to "protect the security and integrity of the communications and information infrastructures" but we see that this could be interpreted rather widely.
There are also a number of other issues around spying on New Zealanders that we haven't directly addressed in this article:
Metadata - There are a number of places in the bill that put limits on intercepting "private communications", but in the past the GCSB has interpreted that as only including the actual call, not the related data (e.g. when, who, how long, etc). Does this mean that the GCSB still thinks it can collect this metadata without a warrant or access authorisation? The bill is silent on this issue.
Incidentally gained intelligence - when the GCSB does collect information it shouldn't, it can still use that information if it would help prevent or detect serious crime, save lives, or be useful for the security or defence of New Zealand. This is a fairly large loophole in many of the limitations in the Bill.
Access authorisation for the GCSB - section 14 prohibits the GCSB from intercepting NZers' private communications for purpose 8B intelligence gathering but they can do so for purpose 8A cybersecurity. Could the GCSB then obtain an access authorisation for access to its own database of already intercepted cybersecurity data for intelligence gathering purposes?
Sharing data overseas - how much of this data can be shared overseas? There appear to be no limits other than that the Minister must approve who it is shared with.
Collecting data from overseas - can the GCSB get data from overseas agencies (e.g. the NSA) that it couldn't legally intercept itself? Can it share data for the purpose of cybersecurity and then be given it back to be used for general intelligence?
What about data that New Zealanders store overseas? - are there different rules for information that New Zealanders store overseas with companies such as Google and Facebook?
Feedback and updates
Think we've got this wrong? Feel free to leave a comment with your interpretation. We'll make any necessary corrections or additions as required.
Text of Thomas Beagle's speech to the Urgent Public Meeting to Oppose the GCSB Bill held in Auckland, 25th July, 2013. (Or watch video of all of the speeches.)
I’m from Tech Liberty. We’re a group dedicated to defending civil liberties in the digital age. I want to start by explaining what that means in the context of this bill.
The NZ Police are continuing to expand their use of technology to watch and track people in New Zealand. We've already discussed automated number plate recognition, but information has emerged about two new initiatives:
The first is Signal - a tool used to scan and collate publicly available data from multiple social media sites such as Twitter, Facebook and YouTube. This data can then be analysed to establish connections between people and events, and was used during the Rugby World Cup to monitor both boy racers and political protesters.
The second is the trialling of aerial surveillance drones. As part of the trials they have already been used in some Police investigations.
We're not reflexively opposed to the NZ Police using tools to do their job better, but we do have some concerns about how they can be used to infringe our rights to go about our lawful business without unwarranted surveillance and tracking. We believe that it is not healthy in a democratic society for our every movement and action to be monitored, stored and analysed by the government.
We've made requests to the Police for more information about both of these initiatives and will report more once we receive it.
One thing that is of concern is that the Police seem to be being quite secretive about their use of technology. It seems that they wait for someone to find out about it before releasing information in dribs and drabs, sometimes after prompting from the Ombudsman. If the Police aren't proud of what they're doing to more efficiently fight crime, perhaps they shouldn't be doing it at all.
A second concern is that our laws, even including the new Search & Surveillance Act, might already be out of date when it comes to the Police use of such technology. For example, are there any controls on amassing publicly available data to such an extent that modern data analysis software can make some assumptions about very private behaviour?
We'd like to see two things:
- The NZ Police taking a more proactive role in disclosing what they are doing and how they are doing it. They may even wish to do more consulting with community groups and watchdogs such as Tech Liberty and the NZ Council for Civil Liberties.
- Work on a new set of standards and principles to inform the Police's (and other agencies') use of new technology and "big data" systems. These should cover data integrity, retention, security, auditing and notification. This is something that Tech Liberty is currently working on.