article, privacy, surveillance

An introduction to ANPR (automated number plate recognition)

ANPR stands for automated number plate recognition.

It’s a camera that can automatically recognise and read license plates on cars and then checks them against a central database. If the plate matches a “vehicle of interest”, the police can then decide to pull over the car and talk to the driver. ANPR cameras are typically deployed in police cars and in fixed installations by the side of the road.

The current state of ANPR in New Zealand

[Edit: there is some inconsistency between the information available over multiple letters from the Police and that reported in Police News.]

[Edit 2: Superintendent Carey Griffiths has denied that the Police will be storing the ANPR data and using it for tracking. We have asked the Police Commissioner for clarification.]

According to the June 2012 edition of Police News, the NZ Police have been trialling ANPR since 2009. This has involved four mobile ANPR units which are not that sophisticated in that they need two people to operate them (one to drive, one to watch the screen).

In theory the trial ended in January 2012 but it is our understanding from Police News that they are still using the current four ANPR vehicles (2 in Auckland, 1 in Waikato/Eastern and 1 in Christchurch/Southland) and are looking at deploying another couple.

We have requested copies of reports about the trial and any recommendations about further deployment of ANPR systems.

Thanks an OIA request by Alex Harris we also have a draft copy of the ANPR manual. There is also an associated letter where the Police report that the trial began in 2010 and has consisted of only two units for a limited time in Counties Manukau and Wellington, with them currently deployed in Counties Manukau and Waitemata.

The Police answer questions about ANPR

Some questions and answers from letters to the police about ANPR (questions are ours, answers are from the Police):

Q. What data is stored with each record (e.g. location, time of day, etc)?

A. The time date and a photograph of all vehicles passing the ANPR camera is stored.

Q. Will this information include the location of the ANPR device at the time of the lookup?

A. Yes it will include the location of where the device was deployed.

Q. How long will the data for each captured license plate be kept for?

A. Data of vehicle movements captured during ANPR deployments will be retained on a secure Police database. In time this information may be deleted with it is no longer required for the purpose it was obtained. Police may search the stored data if there is a belief that there may be information relating to a crime.

Q. Are the police considering using the information stored in the ANPR database to track vehicles?

A. The ANPR system alerts police to vehicles that are a vehicle of interest to police recorded in the vehicles of interest database.

Q. If so, do the police believe they would need to apply for a warrant to use the information in this way?

A. There is no requirement for police to apply for a warrant for any ANPR information as it is gathered in a public place.

Why does ANPR make us worried?

If ANPR was simply used by the police to help find people they are actively looking for, we’d probably have no argument against it.

The problem is that it’s more than just a simple database lookup. That central database isn’t just responding to queries, it’s also storing the date, the time and the place for every car that passes the ANPR camera.

So the police end up with a very big database of car sightings – which gives them the ability to track the movements of any car they wish. Even more worrying is that they can keep this data for as long as they like and therefore “go back in time” by entering queries for any day since the database was started.

The technology is rapidly getting cheaper and could easily end up deployed in every police car and in fixed places around major cities and roads, allowing for near total coverage.

Potential harm

There are three types of harm that can come from creating a new database like this:

  1. An inappropriate extension of police power that might be used badly. e.g. the Police use it to spy on political activists who are engaged in peaceful protest, breaching their rights to privacy and freedom from Police surveillance.
  2. Extension to other government departments. e.g. could CYFS access the database to determine that you are feeding your children badly because you park near the local McDonalds each day?
  3. Improper use. A police officer using it to stalk someone for their own reasons.

Tracking used to be hard

Tracking someone used to be hard and expensive but ANPR is going to make it easy and cheap. With ANPR you don’t need a whole team of people, you don’t need to install a GPS tracking device, you don’t need to get a court order to access mobile phone data – you just install ANPR devices everywhere and then ask the database about whoever you like.

More to the point, you also don’t need to change any laws or apply for a surveillance warrant to install a tracking device – you can just start doing it.

It’s the sort of information that a totalitarian regime would love to have. But is it the sort of information that we want our government to have about everyone?

Shouldn’t we talk about what sort of controls we might want to impose if such a system is implemented?

Are we going to end up with this system watching our every move without even any public debate about it?

article, filtering

Te Papa doesn’t know why it’s censoring the internet

21 Comments

We recently received a complaint from a German tourist saying that when he tried to access a couple of innocuous German political sites using the free wireless at Te Papa, a page was displayed saying that his access to those sites was blocked. Te Papa had implemented internet filtering software to control what websites people could access.

The tourist complained to Te Papa. They initially tried to fob him off, but eventually he got through to someone and those sites were removed from the filter. A good outcome, right?

Not So Simple

This incident raises a number of questions:

  • Why is Te Papa filtering what people see on the internet?
  • What type of content is being blocked?
  • Who chooses which types of content to block?
  • Finally, why are they using software that flags a German political website as “Pornography (Japanese)”?
Page showing that a German political website has been blocked because it contains pornography (Japanese).
Click on the image to see it fullsize.

Why censor internet access?

We spoke to Te Papa but they couldn’t tell us why they felt the need to censor their wireless. They did know that they blocked file sharing protocols to reduce internet traffic but couldn’t tell us why they were blocking some websites. We’d understand if Te Papa wanted to use some censorware on internet terminals available to children, but their filter goes far beyond that.

Are they worried that people will somehow download banned material? It’s not their responsibility and it’s not like they’re monitoring phone calls to make sure people don’t have illegal conversations.

Are they worried that people will browse offensive material (pictures/video) in a public place and annoy others? An increasing number of their guests have smartphones and “bring their own internet” and someone could as easily watch a porn DVD on a portable player. In any of these cases, it would be a simple matter of asking them to stop.

We reject the idea that internet providers (for that is what Te Papa is doing by providing free wireless) are in any way responsible for what an internet user does with that connection, in the same way that they aren’t responsible if someone uses Te Papa provided water or electricity.

Te Papa’s Filter

Te Papa could tell us that they are using internet filtering supplied by their internet service provider, Telstra Clear, but they had very little idea about how it works.

  • They don’t know why they’re blocking some types of content.
  • They don’t know what type of content is being blocked.
  • They don’t know who decides what to block and what criteria they use.
  • They don’t really want to find out, saying that they’re “happy for them [Telstra Clear] to make the decisions”.

Any museum and art gallery is surely aware of issues around censorship and free speech, Te Papa itself has been involved in certain controversies about what should be shown and to who. Why has Te Papa chosen to censor the internet with so little thought about why and how? As our visiting tourist put it:

Seeing this happen at Te Papa, a flagship of the capital, tells me something about democracy and the importance of free speech and human rights in NZ.

Our view

We tend to side with the visiting German tourist – it’s inappropriate for a place like Te Papa to be censoring the internet.

We suggest that worries about people accessing “bad material” over public internet are overstated. Any inappropriate behaviour (e.g. viewing internet pornography in a public place) can be solved by asking them to stop.

If an organisation decides to press on with censorship anyway, it would seem at a minimum that they should:

  • Be able to tell people what sort of material is blocked and why they’re doing it.
  • Have a process for deciding what to block.
  • Provide an easy way to appeal any incorrect blocking.
  • Not use software that is as badly written as that used by Te Papa and TelstraClear.

Of course, once you look at all that, doesn’t it just seem easier to let people have unconstrained internet access in the first place?

article, filtering

Survey shows opposition to mandatory govt internet filter

InternetNZ has commissioned a survey of the public’s thoughts about the government’s internet filter. Some of the interesting results include:

  • Very few people (only 9%) knew whether their ISP used the government filter. The ISPs using the filter represent more than 90% of the NZ internet market.
  • Less than a quarter (23%) wanted the government choosing whether to filter their internet connection.
  • Two-thirds want the filter to include other, non-specified, content.

Tech Liberty’s Comment

We’ve always been opposed to the government’s internet censorship system but support the right of people to choose filtering for themselves or their families. We’re pleased to see that the people of New Zealand agree with us, rejecting the idea of letting the government impose centralised censorship.

Unfortunately we already have such a system. While it is voluntary at the ISP level, their users get no say in the matter and this survey shows that most are unaware that they are covered by it. We also note that with Telecom, Vodafone and 2 Degrees all having implemented the filter there are no major providers of censorship free mobile data in New Zealand, further undermining any voluntary aspect to the current filter.

At the same time it also seems obvious that the internet has a lot of disturbing content that you might want to block other than just child pornography. Therefore it makes sense that someone wanting “cleaner internet” at their home would be looking for a more general purpose filter than the government’s one. A number of ISPs do offer such a service (either free or as an add-on) and it seems that they should be promoting this further.

In conclusion, it seems that the survey shows that the current government internet filter is implemented the wrong way for the wrong purpose and by the wrong people.

submission

New Media submission opposes media regulation

Tech Liberty made a submission to the Media Regulation review run by the Law Commission. The summary of our submission is as follows:

We recognise that “big media” still has a lot of influence in New Zealand but that this influence is declining as the internet gives people the ability to:

  • self-publish (“little media”)
  • share and distribute self-published articles
  • publicly critique the work of big media.

This change can be seen in the way that online media such as blogs used to be very reactive to work published in newspapers and TV, but now newspapers and TV are increasingly picking up stories from blogs and other forms of social media.

Much of the rest of the review was about how the media should be regulated but we believe that the need for greater media regulation has not been established.

Defining news media

The review suggests that regulation could be a trade-off for official recognition of news media, and spends a lot of time discussing who would be included in the definition of “news media”. We believe any definition would either be so broad as to be useless or so narrow that it would miss out many people and publications that arguably should be covered. This is especially true as journalism continues to develop and change in the internet age.

Special privileges for news media

The review suggests that we need a definition because some laws refer to the news media to bestow special privileges. Our preference is that these privileges should be extended to all citizens (e.g. replace the media “fair dealing” section in the Copyright Act with a more general “fair dealing/fair use” provision for all people) or should be available to all people when they are acting as a journalist.

Furthermore, any organisation that wish to include/exclude “news media” can make their own determinations as to who that is rather then relying on a government mandated definition.

External regulation

We do not believe that there is a need for an external regulator. Indeed, as the internet gives people the means to publicly criticise the output of big media, the need for a regulator is reduced compared to the days when only a very limited number of media companies could get their views out (due to limited airwaves or the need to own a printing press).

Current regulation is also generally quite ineffectual. The original message still goes out and then any correction is ignored as the issue is no longer “news”. Regulation tends to be after the fact score-keeping at best.

Any publishing company or journalist who wishes to be taken seriously has the ability to form a group and create their own code of ethics and regulator. The Press Council is an example of this and we do not see why other media groups who wish to be taken seriously could not do the same.

Finally, if there was a regulator our view was that it should be in the form of an Ombudsman with the ability to make morally rather than legally binding decisions.

Malicious speech online

The second part of the review was about harmful speech online.

We agreed that malicious speech online can be a problem just as it is when face to face Furthermore, the nature of the internet means that the malicious speech can both spread further and remain available longer.

We believe that the law is limited in what it can do about people being nasty to each other, either online or in person. Even if current law could deal with these issues, the international nature of the internet and the inevitable jurisdiction issues would mean that only a small proportion of problems could be resolved.

That said, many of the more contentious issues will be conducted by people who know each other well and probably even live in the same area. The law should be able to deal with issues of harassment using existing laws (possibly with the tweaks identified by the Commission to ensure that online communications are definitely covered).

We reject the idea that speech online should be held to a higher standard than any other form of speech.

We do support the creation of a new crime of “malicious online impersonation” with the caveat that it must be very careful not to include obvious cases of parody and other forms of non-serious impersonation.

No ISP responsibility

We oppose any attempt to make ISPs responsible for taking down or blocking information either hosted on their network or available through it. This is because ISPs typically have no visibility or control over the material that their customers might store on servers hosted with the ISP. Typically an ISP will only have one option – passing the request on to the publisher or turning off the entire site. Closing down an entire site would seem a gross over-reaction to the content of one offending post or comment.

It does seem appropriate to us that an ISP might have a responsibility to pass on a takedown message to the site owner (similar to the copyright legislation) or, upon presentation of a suitable court order, reveal the identity of the site owner so that legal action can be taken.

article, copyright, TPP

TPP Update

2 Comments

While ACTA gets all the attention in Europe, the governments involved in negotiating the Trans Pacific Partnership trade agreement are still charging ahead. There have been 10 major negotiating rounds as well as many inter-session meetings, with the countries involved aiming to get it finished before the end of 2012.

You can read more about the TPP treaty, or why we think it’s flawed, but this update is based on what we’ve been reading and a briefing from NZ officials today.

Firstly, the negotiators now have a consolidated draft text that they are working through slowly. Apparently the intellectual property (IP) sections are the most contentious with a lot of major differences still to be resolved.

Secondly, the main IP alternatives are the US proposal (leaked here and similar to other recent trade deals signed by the US) that would see copyright laws become more restrictive, more punitive and less just, versus the NZ/Chile ideas (leaked draft papers) which are largely based on TRIPS and allow for more flexibility between countries and even include some protection for consumers rather than just large media companies.

Thirdly, the US proposed IP chapter goes even further than what they originally proposed for ACTA (which was substantially watered down during the negotiating process). It includes internet account termination, statutory or triple damages in civil suits, an extension of what would count as criminal copyright infringement, allowing copyright holders to ban parallel importing, and criminal penalties for circumventing copy protection measures even if you weren’t breaching copyright. As is typical with these types of proposals, respect for the right to due process and a fair trial are sadly lacking.

Finally, the whole process is still very secretive with little information getting out. There is not intention to release any draft texts, and the countries involved have even agreed not to release details of negotiations until four years after the treaty is signed.

What you can do

There’s still a long way to go in the TPP negotiating process and there’s still room to demand a better treaty and a more open process. Write to your MP and make sure they’re aware of what’s happening and that you’re not happy about it

Considering joining TPP Watch if you’re opposed to the whole treaty, or on the IP front NZ Rise is doing good work on sticking up for our local IT industry while Creative Freedom Foundation NZ is defending the interests of local artists.

You can keep up with TPP news with the TPP Digest or by following Michael Geist, Knowledge Ecology International and Public Knowledge.

article, copyright

MegaUpload arrests in New Zealand

15 Comments

NZ police have arrested four people connected with MegaUpload.com in New Zealand today at the request of the US FBI. They have been charged in the US “with running an international organized criminal enterprise allegedly responsible for massive worldwide online piracy of numerous types of copyrighted works through Megaupload.com and other related sites”. (FBI press release.)

Comment

We have little faith in the fairness and appropriateness of the US’s laws and processes around copyright and intellectual property. The US government is continually strengthening its copyright laws at the behest of the entertainment industry (see SOPA and PIPA) and is trying to pass laws that we would not like to see copied in NZ.

Will this NZ police cooperation lead to New Zealanders being arrested and handed over to the US for doing things that may not be serious offences in New Zealand? Which other countries’ laws do New Zealanders have to obey when using the internet?

Whether this case is an example of good international cooperation or the US demanding other countries help enforce bad law is yet to be determined. We will be monitoring this issue closely and hope to publish more information as it is available.

Media Links

Useful Links

article, copyright

Requirements for valid copyright infringement notices

Recently we examined some of the first copyright infringement notices sent by Orcon and noticed that they did not comply with the regulations.

The omissions are significant and make it harder for the accounts holder to challenge the notice on the facts, but we believe there are excellent grounds for challenging the notice because the notice itself is invalid. The rights holders may or may not accept this but ultimately it will be up to the Copyright Tribunal to make the final decision.

Notice Requirements

So, what are the requirements for a valid infringement notice? They’re spelt out in two places – the Copyright Act (mainly section 122) and the associated Copyright (Infringing File Sharing) Regulations. We’ll only be looking at the requirements for the notices from the ISP (internet service provider) to the account holder (the person paying for the internet connection).

A detection notice must include:
Continue reading Requirements for valid copyright infringement notices

article, copyright

Are some Copyright Infringement notices invalid?

10 Comments

One of the outstanding issues of the changes to the Copyright Act has been whether rights holders would issue notices that comply with the law. Since our regulations outline a number of detailed requirements for notices, rights holders cannot simply pass on whatever they send in other countries.

The first few issued notices are starting to leak out and it appears that they do not comply.

An Orcon user posted to the 3strikes forum copies of the notices they received. Comparing the information provided on those notices to the law and regulations, we noted the following problems:

  • There is no description of the type of work as per 14(1) of the Copyright Act. (Regulations 4(2)c(iii).)
  • The nature of the breach (as described by 15(1) of the Copyright Act) is not specified. (Regulations 4(2)c(iv).) The notice only says a breach has taken place, not the nature of it.
  • The date and time given on the first notice is not specified to the second. (Regulations, 4(2)c(v).)
  • The file sharing application or network is not specified. (Regulations, 4(2)c(vi).)
  • The notice number does not include information that identifies the type of notice or the IPAP that sent it. (Regulations 5(2)(b) & (c).)

These details matter because the account holder needs to understand what they are accused of so that they can properly defend themselves.

Account suspension

We are also deeply concerned that the notice makes the claim that your Internet connection can be suspended by the District Court for up to six months. This part of the law has not yet been activated, and it is alarming that notices are already misleading users on possible penalties. Orcon should not be making such claims.

Concluding questions

The notices as posted do not comply with the requirements of the law and regulations.

Does this mean that they are invalid and can be challenged (or ignored) as such?

Will the Copyright Tribunal accept them as valid or not?

Does this mean that all notices sent through Orcon are invalid?

article, surveillance

Is your mobile company spying on you?

5 Comments

There has been a bit of a kerfuffle in the press recently about Carrier IQ – a piece of software that hides on your phone and reports data back to the telephone company. (More technical details here.)

We wanted to know whether New Zealand telecommunications companies are installing this sort of software on the phones they sell to us.

Telecom deny that they used anything of the sort:

No, we do not use Carrier IQ. Our devices do not come loaded with this type of software and we don’t have an agreement with Carrier IQ or any other company that implements tools like this.

Vodafone also deny using such software and make a good point about it contravening the Privacy Act:

Vodafone would never knowingly contravene the privacy act and to the best of our knowledge this software is not on any of the devices we sell.

Telstraclear have also denied it (brevity due to denial being via Twitter):

@TelstraClearNZ No, our devices do not keylog. ^TN

2 Degrees joins the rest:

No, we haven’t. The only customer information 2degrees records is for billing purposes. We don’t monitor our customers’ handset activity or request that any software to do so is installed on devices.

Thanks to @nzkarit on Twitter for his assistance with this article.