Tag Archives: interception

Open letter to John Key – the right to know

Dear Mr Key

This letter is partly in response to the findings of the Kitteridge report about the GCSB and their failures to follow the law, but is also mindful of the recent PRISM revelations about the actions of the NSA in the USA, as well as the mass spying revealed to have been carried out by the GCHQ in the United Kingdom. As disturbing as these revelations have been, we cannot help but be shocked that this surveillance was done in secret without the knowledge of the citizens of each country.

We assert that, as citizens of a democratic society, we have the right to know the methods that government agencies use to watch us. Without this knowledge we cannot assert our rights to put appropriate limits on their use.
Continue reading Open letter to John Key – the right to know

Submission – Telecommunications (Interception Capability & Security) Bill

Full text of the Tech Liberty submission to the Law & Order Select Committee concerning the Telecommunications (Interception Capability & Security) Bill.

Summary

In general we support the ability of the government to have interception capabilities on telecommunications where possible, when those interception capabilities have suitable oversight and control. We have made some technical suggestions on how Part 2 – Interception Duties could be improved and clarified:

  • Publish a list of service providers with interception responsibilities.
  • Remove the ability for the Minister to ban the resale of overseas services.
  • Clarify the duty to decrypt to indicate that it does not require network providers to supply deliberately weakened encryption with government backdoors.

We reject the idea that the GCSB should have oversight and control of communications networks in New Zealand. No need for this has been established and the use of an agency whose main focus is spying on external organisations is inappropriate and open to abuse. We therefore recommend the removal of Part 3 – Network Security in its entirety, possibly to be replaced by the establishment of a coordinating and consultative, not controlling, network security body.

Finally, we find the idea of evidence being presented in court that cannot be seen by the defendant and their lawyer to be extremely offensive to the right to a fair trial as promised by section 25 of the Bill of Rights Act. We therefore recommend the removal of Subpart 8 – Protecting Classified Information (sections 96-98). If this is retained we recommend that the appointment of a special advocate as in 97(3)(c) should be mandatory rather than optional.
Continue reading Submission – Telecommunications (Interception Capability & Security) Bill

GCSB’s new powers for wide-spread spying on New Zealanders

There have recently been a number of revelations about the US government spying on its citizenry and other people around the world (a good summary). Many people have been shocked to find out the extent of the US’s spying and access into theoretically private systems.

What many New Zealanders don’t realise is that the NZ government is currently changing both the GCSB Act of 2003 and the Telecommunications Interception Capability Act of 2004 to allow similar levels of access to New Zealand communications for the GCSB (Government Communications Security Bureau).

Current law

The current TICA law already gives the GCSB, Police or SIS the technical capability to intercept all NZ communications if they have a valid warrant.

The GCSB can get warrants to spy on the communications of foreign people and organisations, although they can spy without a warrant if it doesn’t require the installation of any device (e.g. wireless/satellite/radio/mobile).

TICS – Telecommunications Interception Capability and Security Bill

The new TICS Bill clarifies and expands on these interception capabilities. It also allows them to be extended to service providers (people who offer “goods, services, equipment, and facilities that enable or facilitate telecommunication”) such as email providers, Trademe forums, Mega, etc.

TICS continues the existing regime where these interception powers can only be accessed with a valid warrant, but keep reading for the new exceptions to this in the GCSB Bill.

Furthermore, the TICS Bill also creates a new role for the GCSB, ensuring the security of New Zealand’s telecommunications infrastructure. This includes wide powers of oversight and control of how communications networks are managed and implemented in order to “protect New Zealand’s national security or economic wellbeing”.

GCSB – Government Communications Security Bureau and Related Legislation Amendment Bill

The new GCSB Bill gives the GCSB three purposes (we’ll come back to these):

  • 8A – Information assurance and cybersecurity. (Expanded from protecting government communications to a much wider responsibility for New Zealand’s communications.)
  • 8B – Intelligence gathering, analysis and sharing. (Similar to the existing law except that it adds “gathering information about information infrastructures” to the existing spying on foreign people/organisations.)
  • 8C – Helping the Police, SIS and Defence Force by providing advice and assistance in helping them execute their own legally obtained warrants. (This is entirely new.)

The bill doesn’t significantly change how the GCSB can apply for an interception or search warrant, but it does add a whole new class of “access authorisation”. To quote section 15A(1)( b)

The Director may apply in writing to the Minister for the issue of an access authorisation authorising the accessing of 1 or more specified information infrastructures or classes of information infrastructures that the Bureau cannot otherwise lawfully access.

These authorisations are granted at the whim of the Minister (although see below) and are incredibly wide-ranging and open-ended. There are no recommendations of limits (other than what the Minister sees fit to impose) and there is no automatic expiry. And just in case you thought that the TICA/TICS law might provide some protection, the GCSB Bill goes on to add section 15A(5):

This section applies despite anything in any other Act.

Most importantly these new access authorisations can be used for purpose 8A (cybersecurity) as well as 8B (information gathering). As paragraph 36 of the Regulatory Impact Statement explains: “an amendment will also be required to allow the GCSB to see who (namely NZ individuals and companies) is being attacked”. That is to say, the GCSB believes that it needs to be able spy on New Zealanders to maintain ther security. Based on what we know from recent reports in GCSB activities, we assume that the GCSB particularly intends to collect communications metadata (i.e. who speaks to who, when and how often but not what they say).

If you had any doubts about whether this applies to NZ communications, section 15B then further clarifies that for any access authorisations “for the purpose of intercepting the private communications of a New Zealand citizen or permanent resident of New Zealand under section 8A (cybersecurity)” the authorisation must be approved by the Commissioner of Security Warrants as well as the Minister.

And finally if you were hoping that section 14, which controls the ability of the GCSB to target New Zealanders would provide any protection, this only applies when the GCSB is performing duties under section 8B (intelligence gathering) and not section 8A (cybersecurity).

Putting it all together

The GCSB believes it needs to monitor the communications of New Zealanders in order to ensure that it can protect them from attacks.

TICA and TICS establish the technical capability for the GCSB to spy on any communications, subject to the limits in that law and the GCSB Act.

A section 15A(1)(b) access authorisation can give GCSB power to access any communications system it wants for the purpose of spying or information security, irrespective of any legal controls in any other law. This will allow it access to the facilities provided by TICS/TICA.

The GCSB will be spying on New Zealanders.

Conclusion

These new laws are not some minor adjustments to the work of the GCSB and how interception works. They are not just about letting the GCSB provide technical assistance to the Police, SIS and Defence Force.

While people in the USA are getting upset about the revelations of the extent of NSA spying there, these new laws give the GCSB far greater control of New Zealand communications networks, and practically unlimited capacity to intercept New Zealand communications.

These new laws are the point at which New Zealand switches from being a society that investigates “bad guys” subject to judicial oversight, to being a surveillance state where the government is always watching and recording everyone just in case they’re thinking about doing anything wrong.

We don’t want to live in that society. We believe that these new laws contravene the right in the NZ Bill of Rights to be free from unreasonable search and seizure, and will have a chilling effect on the rights to free expression and freedom of association.

We think that these laws need to be stopped.

Surveillance: current law

The Search and Surveillance Bill is an attempt to rewrite New Zealand’s laws around search and surveillance.

One thing that has become clear in the debate around the bill is that many people are not fully aware of the existing powers that government agencies have to pry into our personal affairs. It’s not uncommon for someone to decry a ‘new’ power in the Search and Surveillance Bill, only to be told that it is already in existing law.

This article lists, to the best of our knowledge, the current ways that the government can use to watch us. We will expand/correct it as additional knowledge comes to light.


This article has not yet been updated to reflect the changes made when the Search & Surveillance Act became law.


Continue reading Surveillance: current law