Kiwis Want To Spy On All Communications, VPNs, And Be Able To Use Secret Evidence Against You
from the no-justification-needed dept
Although New Zealand’s decision not to allow patents for programs “as such” was welcome, other moves there have been more problematic. For example, after it became clear that the New Zealand intelligence service, the Government Communications Security Bureau (GCSB), illegally wiretapped and spied on Kim Dotcom, the New Zealand government announced that it would change the law so as to make it legal in the future to snoop on New Zealanders as well as on foreigners. Judging by a major new bill that has been unveiled, that was just the start of a thoroughgoing plan to put in place the capability to spy on every New Zealander’s Internet activity at any moment.
Here’s an excellent analysis of what the bill proposes, from Thomas Beagle, co-founder of the New Zealand digital rights organization Tech Liberty:
The TICS [Telecommunications (Interception Capability and Security)] Bill is a replacement for the Telecommunications (Interception Capability) Act 2004. This law forced communications providers (ISPs, telcos, data networks, etc) to provide “lawful intercept” capabilities so that the Police, SIS and GCSB could access communications once they had a suitable warrant. The new bill expands and clarifies these requirements.
However, the addition of the word “security” is the key to what has changed. The new bill now gives the GCSB sweeping powers of oversight and control over the design, deployment and operation of all data and telecommunications networks run by network providers in New Zealand. The stated reasons are to both protect New Zealand’s infrastructure and to ensure that surveillance agencies can spy on traffic when required. As part of this, the GCSB will have the power to stop network providers from reselling overseas services that do not provide these capabilities.
As Beagle goes on to explain, this will have a number of implications, including a requirement to build backdoors into all telecoms networks:
From the Bill:
A network operator must ensure that every public telecommunications network that the operator owns, controls, or operates, and every telecommunications service that the operator provides in New Zealand, has full interception capability.
Note that the surveillance agencies still need to have a legally issued warrant (under the Search & Surveillance Act, NZ SIS Act, or GCSB Act) to actually intercept any communications and there are obligations to avoid capturing communications that are not covered by the warrant.
Here’s one way that could dramatically impact Internet users in New Zealand:
It then goes on to give the Minister the power to ban the resale of an off-shore telecommunications service in New Zealand if it does not provide interception capabilities. This could stop the resale of foreign-hosted VPNs, instant message services, email, etc.
Another clause could have major implications for Megaupload:
Network operators must decrypt the intercepted communications if they have provided the encryption, but there is no obligation to do so if the encryption is provided by others.
What does this mean for providers such as Mega (file locker) or LastPass (password storage) who have a business model based on the fact that they supply a cloud product that uses encryption but have deliberately designed it so that they can not decrypt the files themselves? This gives users the assurance that they can trust them with their data. Will the government close them down unless they provide a backdoor into the system?
One deeply troubling aspect is the following:
There is also a provision that allows the courts to receive classified information in a court case in the absence of the defendant or the defendant’s lawyer. This applies to information that might reveal details of the interception methods used by the surveillance agency or is about particular operations in relation to any of the functions of the surveillance agency, or is provided as secret information from the surveillance agencies of another country. It can also be used if that disclosure would prejudice security of NZ, prejudice the maintenance of law, or endanger the safety of any person.
As Beagle notes:
particularly offensive to civil liberties are the provisions for convicting people based on secret evidence. How can you defend yourself fairly when you can’t even find out the evidence presented against you?
He concludes with an important point:
One must ask where the justification for this expansion of power is coming from. Has New Zealand already been materially affected by attacks on our communications infrastructure? It seems clear that while the GCSB may not be that competent at exercising the powers they already have, they have done a fine job of convincing the government that they can handle a lot more.
That’s a question that needs to be put to the governments of other countries, like the US and UK, that are also seeking to extend massively their ability to spy on their own citizens. What evidence do they have that such extreme, liberty-threatening powers are actually necessary, and will make the public safer, rather than simply being a convenient way for governments to identify whistleblowers who expose their incompetence and corruption, say, or to spy on those who dare to oppose them?