Tech Liberty NZ Defending civil liberties in the digital age

TICS Bill – Oral Submission

Posted on July 10, 2013

Text of our submission to the Law and Order Select Committee re the Telecommunications (Interception Capability & Security) Bill.

 

Introduction

I represent Tech Liberty, we’re a group dedicated to defending civil liberties in the digital age.

In general we support the ability of the government to have interception capabilities on telecommunications where possible, when those interception capabilities have suitable oversight and control. However we fear that technological development is slowly making this lawful intercept regime increasingly irrelevant.

We’ll be addressing this and some other elements of the first two parts of the bill, before talking about the proposal to make the GCSB responsible for cyber security in New Zealand.

 

The future of interception - the encryption problem

Tech Liberty was started to help defend our civil liberties when they are threatened by technologically related changes. These problems normally takes one of two forms:

  1. The first is where the government panics about some new technology and decides that it’s going to over-react and pass laws that infringe on our rights.
  2. The second is where technology enables governments to do things like mass surveillance that would have been impossible before technology made it cheap.

However there is also a third type, where new technology removes our ability to make decisions about what we want to permit or allow, regardless of our feelings on the matter.

One example of this is name suppression where, at least in cases of famous people, the information tends to leak out on social media networks and there’s really very little anyone can do about it. We can change the law all we like but we may have to face the fact that name suppression in cases of public interest just isn’t achievable any more.

Another example, and the one I want to spend some time talking about today because it has ramifications for this bill, is encryption.

 

Some facts about encryption

I want to start by presenting some well-established facts about encryption, because many people tend to have a lot of misconceptions about it:

  1. Encryption is highly secure. There are a number of modern encryption systems that are considered to be uncrackable short of a major breakthrough in maths or computing.
  2. Encryption is easily available. The algorithms are public, you can download sample code and any software developer can include it in their application for free.
  3. Encryption is cheap. It costs nothing to buy and we have so much processing power that we can encrypt everything we do without slowing down our computers.
  4. Designing encryption systems that allows third party access or intercept is hard. It tends to make the system more vulnerable to attack.
  5. Encryption can be multi-layered. If your network provider gives you an encrypted communications link, you can then further encrypt what you send across it and the network provider won’t be able to read it.
  6. Encryption does not always hide metadata - e.g. the email might be encrypted but the date, the sender and the recipient is not.
  7. The trend is towards encrypting everything. It’s not just used to keep things private, but for security and proving identity.

 

Encryption is incompatible with lawful intercept

This increasing use of cheap and easily available encryption is a direct threat to the idea of lawful intercept. Year by year, the percentage of interceptable communications will drop. Naturally we can expect those people of most interest to the Police, SIS and GCSB to be amongst the vanguard of those using encryption.

For an example of this in action, we can look at what’s happening with mobile communications as data-based services take over from telco services. If presented with a warrant Vodafone can easily hand over voice and texts sent over their network, but won’t be able to provide voice and texts sent as encrypted data using iMessage and Facetime on iPhones, or any of a number of other services.

 

The TICS Bill and encryption

How does this relate to the bill we’re discussing today? I think it’s important that we recognise that we’re not only not going to be able to intercept all communications, but that the proportion of those we can intercept is going to go down.

In other words, even while we support lawful intercept the power to impose it is increasingly being taken out of our hands.

As a group we’re concerned about issues where the government thinks it has agency but the technology doesn’t agree. These issues tend to lead to bad laws with unforeseen side effects.

 

Need to clarify that “Network operator provided encryption” ambiguity.

One concrete change that needs to be made to the bill is to make it clearer that network and service providers don’t have to decrypt communications.

In theory the bill already recognises this, but section 10(3) requires network operators to decrypt a telecommunication if the network operator has provided that encryption. Other sections also mention a “duty to assist”.

But what does “provided” mean in this case? It is entirely possible for a network provider to make encryption available to the users of the service that the network provider could not decrypt because the users have chosen the keys. (A good analogy would be if someone supplied you with a combination lock that allowed you to choose your own combination.)

The bill needs to make it clearer that network providers and those who work for them have no duty to break encryption where they cannot due to not having the keys.

 

Foreign services

The Bill also talks about the ability to stop the resale of foreign services that don’t provide lawful intercept. We think that this is just silly.

Let’s look at one example, Apple Computers. You’ve all heard of it and I wouldn’t be surprised to find that you’ve each got at least one Apple device in your respective households.

Apple provides communications services through iMessage and Facetime and these are designed to use encryption in a way that stops them being intercepted. These phones and services are being resold by Vodafone and Telecom.

Let’s assume that New Zealand finally gets a terrorist cell here who uses these services to plot an attack together. We think it’s very obvious that we’re not going to ban Apple from New Zealand, not least because Apple users tend to be quite fanatical and they might end up storming Parliament.

Now repeat this for Google, Yahoo, Facebook, and the myriad of other services.

We struggle to imagine a case where this part of the bill would be used effectively, and believe it should be removed.

 

No override

We understand that this committee is looking at the TICS Bill rather than the GCSB Bill but it’s also true that the two are somewhat intertwined, with the GCSB Bill letting the GCSB access the facilities provided by the TICS Bill.

One aspect we are concerned about is that the GCSB Bill has clause 15A(5) - “This section applies despite anything in any other Act.”

This could be used to override any of the procedures in the TICS Bill and ultimately makes a mockery of it and other laws that include reasonable safeguards.

So in the spirit of 15A(5), we recommend adding a countervailing clause to the TICS Bill along the lines of “This Act cannot be overridden by anything in any other Act.”

Now this will obviously lead to a conflict if the two clauses ever clash. It is our understanding that judges tend to, amongst other elements, use the New Zealand Bill of Rights to help them interpret confusing or conflicting law, an outcome that we would be very happy with.

 

No secret evidence

This bill provides for fines of up to $500,000 and $50,000 per day which I think we would all agree are quite significant.

An important part of the NZ Bill of Rights concerns the elements needed to make sure that people in our justice system are treated fairly.

We have serious issues with sections 96-98 that allow secret evidence to be presented in court without the presence of the defendant or their lawyer. This is particularly worrying as some of these trials, being about interception, could have significant amounts of classified evidence. How can there be a fair trial when the defendant and their representative don’t even know what evidence is being presented against them?

The bill even allows for this secret protection to be given to evidence from overseas intelligence agencies and other unreliable sources.

We acknowledge that this only applies to matters concerning the operation of this law, but we are greatly concerned that this sets a worrying precedent that will spread to other laws. This is particularly true because our spying allies, the UK and US, have both gone significantly further with secret courts and secret trials and we fear that this is the first step in following them.

More to the point, the types of offences contained in this bill just aren’t worth the damage to our justice system represented by these clauses. We reject the idea that secrecy around the operation of this law is worth protecting in this way and request that these clauses are removed.

 

GCSB as cybersecurity czars

While this bill is largely an update to the existing TICA law, there is one very large new section that gives the GCSB sweeping oversight and control powers over New Zealand’s telecommunications networks.

The bill refers to “partnership” between industry and the GCSB, but it is also very clear that by partnership it means that the GCSB will be in control. This is obvious when you look at the language used in the procedures defined in section 3. Network providers must consult with the GCSB, they must not proceed without approval, the GCSB can accept or reject proposed alternatives, and, ultimately, the GCSB can get a Ministerial direction that forces the network provider to follow their orders.

This is also not just for major decisions, it goes right down to the brand of PC workstations that the network providers deploy in their network operation centres. The bill is very detailed about what is covered and network operators, in order to be safe, will have to pass many, many decisions to the GCSB for permission.

We find this to be a gross imposition on the freedom of these companies to develop their businesses in their own way. We very much doubt that the GCSB will be able to cope with the volume of requests and it will introduce a layer of unnecessary bureaucracy and slow down development of services. It will lead to network operators making “safe” choices that they know will be accepted by the GCSB rather than making the best decisions for their business.

We believe that this will slow down innovation in the development of NZ-based network services while doing very little to improve security.

 

Why does the GCSB need this control?

Frankly we’re suspicious about why the GCSB thinks it needs this level of control. What do they intend to do with it? Do any other Western democracies give their spy agencies this level of control over their national networks?

We can assume it’s nothing to do with providing lawful intercept because the rest of this bill already provides all the lawful intercept that the GCSB could want.

Maybe the GCSB will attempt to protect us from Huawei - although it would seem a bit late with many of our major telcos already heavily investing in Huawei equipment. Does the government really need the power to protect US networking equipment manufacturers from Chinese competition?

 

Network security

We suggest that New Zealand is not seeing the sort of threats that could be mitigated by this proposal. Our network providers already have a strong interest in securing their networks and most of the incursions and attacks happen at the user level rather than the infrastructure level.

Indeed, network providers apparently already voluntarily work with the National Cyber Security Centre without any law coercing them to do so. Does anyone honestly think that network providers would not react appropriately if the GCSB could show that equipment from a particular vendor included spyware? We believe that this cooperation should be encouraged, although possibly with the NSSC being housed with the Police rather than the GCSB as it is at present.

 

Conflicts of interest

This brings up a more serious problem - can we trust a spy agency to do network security? There are some unfortunate conflicts.

We discussed encryption earlier and how the increasing usage of good encryption is going to make it steadily more difficult for lawful intercept. A major part of the accepted approach to securing communications is to use strong encryption wherever possible. But this will make the GCSB’s job of spying significantly harder. Which way will they go in their advice? Protect New Zealand’s communications or maintain their ability to spy?

Secondly, we keep hearing about the GCSB’s close relationship with the Five Eyes intelligence partners. We’ve also been hearing a lot in the news about the extensive spying performed by those partners on both their own citizens and those of other countries. Our question is, whose side is the GCSB on? Their intelligence partners or the citizens of New Zealand? Will they really risk closing a security hole that the NSA is relying on to collect information?

You may think it preposterous that anyone would even ask these questions but we can assure you that we’re not the only ones asking them - and it shows just how tainted the GCSB is when it comes to network security.

 

The wrong agency and the wrong model

We believe that the GCSB is the wrong agency to take a lead role in cybersecurity. They are a spy agency, they think like a spy agency, and too many people, including us, will refuse to see past this.

More importantly, we believe that this is the wrong model. Rather than a secretive government agency having command and control, we believe that network security should be a collaboration between government and the private sector.

We therefore recommend that Part 3 - Network Security of the bill be removed in its entirety.

Posted by Thomas Beagle

Comments (3) Trackbacks (0)
  1. I think that some Spies will be Illegal Spies, just like Criminals will be Criminals, and the Law does not matter to them, and so they will invent new ways to be Spies, regardless of the Law.

    I think is Highly Relevant to mention the Situation where Mass Surveillance, has had a History of Abuse, and this means the American Model, because Kim Dotcom did say that the current New Zealand Government wants to be a Partner of America’s Global Mass Surveillance.

    What we know, or even what we should be able to safely assume is that Anyone who is connected with regards to Commerce, or to Government, or to Criminality, will avoid being Recorded as to their Private Communications.

    This does not mean that the Activities of Commerce and Different Political Parties who Deliberately Avoid being Recorded are necessarily criminal.

    This is because even Companies and Political Parties of the Same Country need to keep Certain Secrets, and what Some Privacy, and so this is truer with regards Companies and Political Parties of Different Countries.

    We have learnt that Luxembourg Prime Minister Jean-Claude Juncker, the European Union’s longest serving head of government, said he will resign after he was implicated in a probe into Spying by his Security Service.

    The Constitutionally based Patriot and whistleblower Edward Snowden, has informed his Fellow Americans of the Infrastructure of a Police State whose Surveillance Powers far exceed those of Totalitarian Dictatorships such as the German Nazi Regime.

    Computer hackers can gain Full Control of your Computers, and those who are Knowledgeable can gain Full Control over your Mobile Phone, and your Landline Phone.

    What this means is that Taxpayer Funded Snoops is that whatever you can do on your Computers, your Mobile Phones, and your Landline Phones.

    There is one Vital Thing to understand, and that they had the Technology for this for a long time, and if they are not doing this at the moment, then as soon as they read this comment, they will get their Committee of Experts to start work on these Snooping Devices, which are only limited by the Human Imagination.

    I believe that all of these Devices can send sound recordings to an NSA Computers, and they can switch on the Webcam, and like I said they can do anything you can do, and they can do better on your Computer, and they do not even have to be in your house.

    It is wise to Consider a Personal Computer, a Mobile Phone, and a Landline as just Fancy Undetected Bugging Devices, and some allow Visual Snooping, and this goes for Laptops, and most forms of Modern Technology, and possibly the newer Refrigerators, Washing Machines, Television Sets, Radios, Sound Systems, and possible some or all of these when they are working, or not working.

    These Devices and Appliances can all store energy somewhere and just be a Type of Disguised Mobile Phones that sends signals to Satellites.

    I will give an easy to understand example, where we know that a Personal Computer can be made to Function like a Phone.

    A Personal Computer stores power to run the Computer’s clock when it is not being used, and it could have a Electronic Component that picks up vibrations and sends it either to a Satellite, or an NSA Computer who then record the sounds in the House.

    Perhaps People will keep these things in mind, and that they unplug the landline or fiber optic connection, and the power to the Computer, and put something over the Webcam.

    Experts might say that All the Components of All the Devices and Appliances that I have mentioned have Specific Innocent Purposes; and it could that half of some Components have a Specific Innocent Purposes, and the other half of some Components have their Snooping Purposes in Component that are never repaired, but just replaced if they become faulty.

    The point of doing all of this is to say that a Country is wasting their Money on Snooping on Foreigners, and so the Only Purpose of Wasting Money on too Many Snoops and Mass Surveillance is to Set Up a Military Dictatorship in that Country.

    The Taxpayer Funded Snoops and Others, can gain Full Control of your Computers, and so they can add or subtract from what you have written in order to set you up, and send you to a Concentration Camp.

    People might consider putting their Computers and Phones, in one room of their Houses when they are not being used, and putting on the Radio, and let them listen to that, and there is the Car, the House, and the Office.

    Every Letter could be Secretly photographed as to who is the sender and to who it is addressed to, and I think they Record the Letter with X Ray photography, and even though the letter is folded, a Computer Program can reveal what the Letter says.

    Many New Zealanders want their Government to conduct an Honest Review of the Surveillance State (SS), and a Proper Public Debate on this Matter.

  2. According to John Perkins as he explains in a number of Youtubes including NZer Vinnie Eastwood’s interview, the “bloodless” take over of the world by the corporatocracy is happening. Minister Judith Collins said in introducing the GCSB bill that data needed to be provided to “key economic entities”. That fits with what John Perkins says about the corporatocracy gaining access to to intercepted communications. But the corporatocracy are very entrenched in “cost-effective” action which however extermalises costs and is damaging the survivability. Noam Chomsky says something to the effect that one senator said it must be OK because it is all in God’s hands (regarding global warming in that case.) I would say that is a way of expressing worry, and I think there may be some worry in our own controlling politicians. Has it been explained to them that they are not really to expect this spying to work and the proposed law is only to give the spies legality when they want to use spy data which they can get in court?
    Then that seems to give practice at playing with the law, which could even go as far as making sure the corporatocracy gets the government it needs. Pretty hard to check in a marginal majority. And that may be the sort of data they are legislating they are not allowed to intercept. That sort of cover.

  3. We have seen what has been described as Arrogance with regard to Prime Minister Kohn Key’s response to the New Zealand’s Human Rights Commission’s Legitimate Concerns of over Mass Surveillance of New Zealand Residents and Citizens.

    Others might think that it was Dictatorial of John Key to say that the Funding and the jobs of those who work for the Human Rights Commission would be at Jeopardy if they refuse to Rubber Stamp the Undemocratic Orders of the Autocratic John Key.

    The Public of New Zealand considers the Human Rights Commission to be Funded with their Money, rather than Government Money, and that the Human Rights Commission belongs to the People of New Zealand, and not to the Government.

    Even if we assume that the current Prime Minister of New Zealand is Trustworthy, then this of itself does not guarantee that a Future Dictator might appear, who has All of the Features of a Dictatorial State Already Established.

    There are Many New Zealanders who want Parliament to have a Thorough Review of the Current State of the Spy Agencies, because they need this Information to be able to Properly Debate this Matter of Genuine Public Concern, because Legislation cannot be Debated to Ensure Democratic Safeguards, unless an Impartial and Honest Review has been done, and there could be some People who want a Royal Commission into this Serious Matter.

    There are Many New Zealanders who are comparing former Prime Minister Muldoon’s Dictatorial Style, to that of the Autocratic Style of the current Prime Minister of New Zealand, who Demands Dictatorial Retrospective Legislation to give Immunity from what the High Court said was Illegal Spying.

    It shows us the Pressures that will be applied to any Euphemistically called Overseers who are Government Selected to the Position of Oversight of Mass Surveillance and Snooping of New Zealanders, and who are Selected, because they might have been Snooped on, and the Prime Minister has the Dirt on them.

    Furthermore, if the Autocratically Selected People given Oversight want to keep their High Paying Jobs, then they will have to be a Rubber Stamp, because who Watches the Watchers.

    If they are not Highly Paid, even Secretly; then the Temptation is to earn Secret Money through Blackmailing those they find Dirt On.

    What Spies find does not have to be Criminal in Nature for the Proposes of Blackmailing.

    However, if they cover up Criminal Activity of the Upper Class for Money, then that is why they should Receive High Wages to if the Legislation is Approved by Parliament.

    This is why New Zealanders do not want the Prime Minister to Spy and Snoop on Citizens and Residents of New Zealand, and that if they are Suspected of Crimes, then that is a Matter for the Police, and not for the Spy Agency or Agencies.

    The Public Display of Arrogance and Autocracy Displayed Against the Human Rights Commission has undermined public confidence in the Oversight and Accountability Process, because what is it like behind the scenes.

    There are Many Parliamentarians who have Considerable Concerns with this Proposed Legislation, which we know is also opposed by the Law Society and the Human Rights Commission.

    It could be that I wrote some things ambiguously in my other comment, and so I want to provide further explanation, and this should be seen to compliment some of the things I wrote in my other comment.

    A Personal Computer acts like a Phone, and it can be made into an Undetected Listening Device.

    All that is needed is for there to be a power source, and a Phone converts vibrations into electrical signals that travel through wires or fibre optic cables which are then converted into sound at the Snooping Computer, and this is how others hear what is going on at the other Phone, which is a Computer in this example, and I am not referring to the way People know that sounds are being heard by another Computer.

    Scientists could or may have invented a way to make a Computer to convert vibrations into electrical signals and then Secretly Send (SS) that to whoever has a connection with your Computer, and then they can listen to you just like they can listen to you on a Phone, but you do not know they are Listening.

    Even though you think that you have switched off power to your Computer, it could be as long as the power plug is switched on, then there could be power to the Computer, even though there is no evidence for this on your Computer.

    The battery powered clock on your Computer, which powers the clock, stores power, and capacitors store power.

    It could be that the Sound Vibrations in the Home might be recorded digitally on your hard drive, exactly like music is recorded digitally, and when the Computer is switched back on, then that recording can be obtained by those who know how to do it, and they delete what they acquire from your Computer from the hard drive, in order not to leave a trace of what they have done.

    Computer hackers can gain Full Control of your Computers, including Webcam, and Anything that you can do on your Computer, the hacker or the Taxpayer Funded Snoops can do those things better, and do it Completely Secretly on your Computer, and they do not even have to be in your house for that.

    People might consider playing music while they are using their Computers, and when they do not use their Computers, they could unplug the power cable, the landline wire, or fibre optic cable to their Computers, and put something sufficient over the Webcam.

    They could consider putting their Computers in one room of their Houses when they are not being used, and putting on the Radio, and let the Snoops listen to that, and there is the Car, the House, and the Office.

    Experts working for Vested Interests, might say that All the Components of your Computer have Specific Innocent Purposes at https://en.wikipedia.org/wiki/File:Componentes.JPG .

    It could that half of some particular Components have Specific Innocent Purposes, and the other half of the same Components have their Snooping Purposes in the One Component that are never repaired, but are replaced after they become faulty.

    In other words, if a Specific Component becomes faulty because of its Innocent Purpose, then the Computer will not work, and the Computer will have to be repaired, and if that same Specific Component becomes faulty because of its Snooping Purpose, then the Computer will not work, and the Computer will have to be repaired, and these Components are never repaired, but they are replaced.

    Those dual purpose Electronic Components would be designed in such a way that if one breaks down, then the other function will not work, and so the Computer Component will be replaced, which will enable the Proper functioning of the Computer, along with the Snooping Capabilities available to Taxpayer Funded Snoops, and private hackers who may be Secretly Paid by the Government.

    Criminals will be Criminals, and Some Spies and their Bosses will Act Illegally, and the Law or Proper Principles and Ethics do not matter in the slightest to those with No Conscience who have Government Immunity from Prosecution, because their Crimes are Covered Up.

    They invent new ways to be Illegal Spies, and the Nuremberg War Crimes Tribunal could Classify these People as Guilty of Crimes Against Humanity, and Edward Snowden, has made Reference to the Nuremberg Trials.

    There could be People who think that there could be New Zealand Politicians in the Future, who want to set up Huge Bureaucracies, because this could be their way to Launder their Dirty Tax Free Money, and the Dirty Tax Free Money of their Friends.

    These Methods in the Future in New Zealand could be by using innocent looking Job Searching or Employment Placement Agencies, and even Excessive Government Spy Agencies or Government contracted Private Spy Agencies.

    If People make Foreigners and their Fellow Citizens understand that their Country is Wasting their Hard Earned Tax Money on Snooping on Foreigners because Foreigners are Avoiding Surveillance on Commercial, Personal, or even Criminal Matters, then that will mean that the Only Purpose of Wasting Large Sums of Money on too Many Snoops and on Mass Surveillance is to Set Up a Military Dictatorship in that Country.

    Many New Zealand Voters consider this Matter to be of Genuine Public Concern, and they want their Parliament to conduct an Honest and Unbiased Review of the current State of their Surveillance State, and to hold a Public Debate on this Matter.


Trackbacks are disabled.