Red Alert

Archive for the ‘privacy’ Category

Why a spy-free internet should be a human right

Posted by on June 14th, 2014

Last Wednesday I had an opinion piece published in the Dominion Post titled Why a spy-free internet should be a human right. Unfortunately it hasn’t been put online (still) so I can’t link to it.

However I have posted below the fuller version of the piece I submitted to the Dom Post. An edited version was published.

New Zealand: a nation of  digital pioneers or laggards

On 10 June 2013 Labour made the first public statement of concern just days after news broke that the equivalent of the GCSB had been routinely monitoring US citizens’ phone calls, texts and social media activity. Our voice was joined by hundreds of thousands of Kiwis as the National Government, abetted  by Peter Dunne, pushed two pieces of law through Parliament to provide the GCSB with wide ranging invasive powers which extend into all of our technology companies and reduce their ability to innovate without asking for permission first.

We New Zealanders place a very high value on our open democracy. But without privacy, there can be no democracy. How can you even consider dissent when the state is listening to everything you say? Of course security also is necessary for democracy, but there needs to be a balance between them. The recent revelations about surveillance show this balance has been ignored.

John Key has told us that security is more important than anything, but he didn’t say why. Through Snowden, we now know about the mind-boggling reach of state surveillance into citizens’ homes. New Zealand’s link through the five eyes network raises questions about our role in the US-led global surveillance network and the impact of that surveillance on the relationship between the New Zealand state and its own citizens. It is frightening that this has been done in the name of security by the free world.

Half of New Zealand’s population has a Facebook account. Three quarters of households have an Internet connection and 60% of us have smartphones. We are becoming completely reliant on the Internet and the technologies that make it work. Our financial systems rely on data storage and secure electronic transactions; our personal data is stored and manipulated by companies and government, yet we now find that the information security we depend on for the security of our data and our economy as been deliberately undermined to make surveillance easier.

Labour says that access to the Internet should be a right just like the right to free expression. This is more than rhetoric. Any prospective government in 2014 should make this policy, and must make the internet off-limits to government interference.

Our current Bill of Rights Act dates back to 1990 when almost no-one had heard of the Internet, let alone used it. How things have changed! Labour has proposed a Digital (or Internet) Bill of Rights setting out what we can all do online. The Greens also have proposed declaratory piece of legislation along the same lines. The Internet Party has proposed reforming the Privacy Act, reviewing surveillance laws and strengthening human rights protection and Internet freedom. All these approaches have merit and we want to see a discussion among New Zealand’s excellent legal, tech and human rights-focused community. It is essential that we protect citizens’ privacy, encourage innovation and keep New Zealand a progressive country with a responsible approach to its own national security. We should take care to get it right, but we should not take too long.

These things will have a profound impact on society, and position us as a pioneer or as a laggard in the digital world. A Labour-led government will drive and implement a digital rights framework. We will do this alongside an inquiry into our surveillance agencies, in particular the GCSB, and we will recast our security laws. We say that our citizens should not be exposed to blanket mass surveillance.

The National Party and the right are disinterested, perhaps deliberately because this discussion leads to uncomfortable questions about surveillance and privacy. But the parties on the left have the public’s ears and their hearts.

New Zealand has always been a forward-looking nation. Recognising Internet access as a fundamental human right and enshrining it as part of our civil society is our next progressive step. As Sir Tim Berners Lee, creator of the world wide web, recently said, “unless we have an open, neutral internet…we can’t have open government, good democracy, good healthcare, connected communities and diversity of culture.” If we don’t act to avoid the digital divide becoming entrenched we risk lack of digital access resulting in second-class digital citizenship.

New Zealand would certainly not be alone in enacting such a bill or declaration. Brazil as already adopted one. There is a bipartisan movement in the US Congress to do so. The movement is becoming global, and New Zealand must be part of it. Labour envisages a dynamic public interaction with the progression of rights-friendly digital legislation.

By forging a rights-friendly approach to the Internet and data issues, New Zealand will establish its reputation as a digital hub for innovation. More tech companies will be attracted here and more start-ups that need digital connectivity will be able engage effectively with the rest of the world. New Zealand’s emerging digital economy relies on its reputation as a trustworthy place to do business and to promote innovation. Secretive surveillance laws and uncertain rights around the Internet are a threat to this. Labour is committed to match security laws with strong privacy protections and to protect our civil liberties.

Across the globe people are demanding the right to access the internet, the right to privacy, free speech and to a neutral internet.  Without these there can be no open government, no good democracy, no connected communities and no diversity of culture. Just as the Internet transcends national boundaries, a Labour-led government will work with other countries to agree a common set of principles and rights on the Internet. We challenge the other parties in New Zealand to agree to do likewise. We embrace the multi-stakeholder approach of our very own Internet NGO, InternetNZ, which was worked to ensure a framework that keeps governments and corporates at arms length from controlling the Internet.

An international standard, which articulates not so much the values of Western democracy, but the values and importance that underlie an open internet. Is not this truly new and ground-breaking evolutionary thinking and does it not show how the internet is transforming the world away from traditional notions of governance?

Let us recast ourselves as the pioneers of digital thinking and not remain laggards. Our small country has leapt before into unchartered waters based on our shared beliefs in what is right. We can do it again.


The chilling effect of TICs

Posted by on October 14th, 2013

Update: The second reading of TICs is tomorrow. It seems likely the Govt will try to rush through the committee stages and third reading this week.If so, this is an extraordinary abuse of process, because there is almost no time to consider the impact of the Minister’s SOP and to undertake the debate that needs to be had. One fo the worst things about this Bill is the refusal to have meaningful and respectful discussions with the businesses which will be most affected, or to acknowledge the impact on NZ consumers. Please help to fight this Bill’s passage.

Tell Amy Adams what you think by emailing her at: Amy.Adams@parliament.govt.nz or Selwyn.Office@parliament.govt.nz. You can contact her on twitter @amyadamsMP

Amy Adams tonight released last minute amendments to the Telecommunications Interception Capability and Security Bill (TICs). The fact that she has introduced an SOP at such a late stage indicates she and her government is concerned that there are serious deficiencies with the Bill as it came back from the select committee.

However, her amendments are not substantive and appear to be window dressing. They reflect the hurried passage of this Bill, the lack of consultation with industry and the likely consequences on the privacy of Kiwi citizens and detrimental impact on NZ tech companies and their ability to innovate.

That she is introducing an SOP at all indicates that the National Govt majority on the committee did not, or would not, consider the implications of the Bill to NZ-based and internally-based tech companies.

In particular;
Amy Adams has now signalled there will be a more rigorous assessment of the costs and benefits, including the impact of the cost on the telecommunications company of requirements under the new law. In the Labour minority report we said: “Labour notes that subsequent submissions to the select committee by several network operators outlined potential significant annual operating costs and the potential capital expenditure costs. The committee did not seek advice on these supplementary submissions and the economic impact was therefore not taken into account. In our view this was negligent and irresponsible.”

The Govt’s majority select ctte refused to take account of the warnings raised by network operators of the impact on their business by this Bill. While she is now obviously acknowledging that there may well be an impact Amy Adams needs to specify exactly what a “more rigorous assessment of costs and benefits” will involve and where the Bill will reflect that.

Labour stands by our conclusion in the Minority Report that:
There are many reasons to oppose this Bill. It is ill-thought out, rushed and the government has refused to take account of core concerns raised by submitters. There has been no case made for the expanded powers of the GCSB and of Ministers.

Below is Labour’s Minority Report following the report back from the select committee. (more…)


Are we all John Key’s playthings?

Posted by on July 2nd, 2013

Despite a consistent chorus from lawyers, civil rights organisations, telecommunications companies, and many others arguing that John Key’s new GCSB legislation (and the accompanying telecommunications interception bill) will increase the GCSB powers and sanction its role as a domestic spy agency, this is what the Prime Minister had to say in answer to question from me last week in parliament:

Intelligence Agencies—Sharing of Information on New Zealanders

10.CLARE CURRAN (Labour—Dunedin South) to the Prime Minister: Does he stand by his statement of 11 June 2013 that “I can assure the House that we do not use our partners to circumvent New Zealand laws”?

Rt Hon JOHN KEY (Prime Minister): Yes.

Clare Curran: How can he justify his statement this week that his new laws will not expand the Government Communications Security Bureau’s powers when three telecommunications network companies, an international service provider, and the New Zealand Law Society all told a select committee today that these powers will be expanded and that they do not support this?

Rt Hon JOHN KEY: Because it is correct.

Clare Curran: How can he continue to deny the expansion of the Government Communications Security Bureau’s powers through his new legislation when the major New Zealand – based telecommunications companies, which invest millions of dollars into our local economy, told the select committee today that this will have a chilling effect on their investment and development in new networks?

Rt Hon JOHN KEY: I think the member is showing her ignorance by confusing the Telecommunications (Interception Capability and Security) Bill with the Government Communications Security Bureau and Related Legislation Amendment Bill.

Clare Curran: Are there comparable protections in his new legislation for the privacy and rights of New Zealand citizens and businesses alongside the expansion of the bureau’s powers to become a domestic spy agency?

Rt Hon JOHN KEY: I reject the member’s premise.

Clare Curran: Given the revelations last week that the Government Communications Headquarters—the British equivalent of the bureau—is attaching intercept probes on to transatlantic fibre-optic cables where they land on British shores, does the bureau intercept the Southern Cross cable or any other transoceanic system that connects New Zealand’s internet to the rest of the world?

Rt Hon JOHN KEY: I do not believe it is in the national interest to talk about those matters.

Clare Curran: Is he aware of the concern raised in Google’s submission to the select committee that requiring global internet companies based outside New Zealand to undertake interception may put them in conflict with statutory privacy and confidentiality obligations in other countries—in other words, enforcing his law might force companies such as Google to break other laws?

Rt Hon JOHN KEY: The member should direct her question to the Minister responsible. She is getting terribly confused between the Telecommunications (Interception Capability and Security) Bill and the Government Communications Security Bureau and Related Legislation Amendment Bill.

I wasn’t confused at all. Both pieces of legislation are intimately linked. As John Key knows. Tomorrow will be interesting


Privacy Bill to be Debated

Posted by on May 16th, 2013

Today, my Bill to give more tools to the Privacy Commissioner to deal with privacy breaches was drawn from the members’ ballot.
The Bill gives the Privacy Commissioner the ability to undertake investigations into agencies and require them to become compliant with the Act.
Currently the Privacy Commissioner can only act on complaints from individuals – the Bill would allow her to instigate investigations and require information-handling audits.
It is timely, given the huge number of embarrasing privacy breaches happening under this Government.
From ACC to EQC, through to the deliberate privacy breaches committed by Minister Paula Bennett against two sole parents, the breaching of New Zealanders’ private information has been rife under National.
If they are serious are about addressing these issues, then they will support this Bill, as will other Parties across our Parliament.
Having had three bills drawn out of the ballot in the last 12 months, I’m keen to get to the races to see if I can pull off other trifectas!
Now, for my next bill….


Should notification of data breaches be mandatory?

Posted by on April 3rd, 2013

The Privacy Commissioner Marie Shroff last week told us that public trust is being eroded by government sector breaches. She said  government agencies have huge databases of information which the public is forced to provide, and in return they need to look after that information properly and that public sector agencies needed to have stronger controls in place when handling spread sheets of personal information.

Last year she warned us that the public sector can’t afford to be complacent. It’s quite clear that agencies holding large amounts of personal information need to place greater value on that information asset. They need to develop strong leadership and a culture of respect for privacy, as well as day to day policies and practices to provide trustworthy stewardship of our personal information at every level of the organisation. There has been far too little focus on the fact that there are real people behind the masses of information that government agencies hold.

Data breach notification isn’t currently required by law, but the Law Commission recently recommended that it should be made compulsory where breaches put people at risk. That would bring New Zealand law into line with practice overseas.

The private sector has warned repeatedly that New Zealand has a major problem with information security, and a strategy released late last year by a group of  IT security professionals said that although technological innovation is high within the New Zealand market, the national spend on educating, training, and developing skilled technical personnel is surprisingly low, creating an imbalance and directly contributing to the fragility and vulnerability of our nation’s IT systems. If that is not a significant warning, I do not know what is.

Last week the chief executive officer of the  Institute of IT Professionals, Paul Matthews, said that the Earthquake Commission had failed Security 101 and that it was  mickey mouse stuff that such sensitive information could be sent so easily to an outside person.

We are daily finding out about more data breaches, which indicates that they are commonplace.

The solutions aren’t off the shelf, but the Government’s refusal to treat the breaches as systemic, requiring the highest attention is very concerning.

The reason for many breaches will no doubt lie in the way each department and agencies IT systems have grown. Privacy and security systems are unlikely to have been built into these systems from the very beginning. Many issues can be resolved through training people using the systems in simple procedures to protect data. IT solutions exists to provide password protected spreadsheets being sent out as attachments and sometimes to prevent email attachments fullstop.

An across government response is required with a Chief Technology Officer with clout responsible to the Prime Minister. Our approach to information security is 20th century and inexcusable. I fear the public service is ill resourced to deal with the ongoing breaches we have faced and will face.

Instead, we have a Prime Minister who shrugs his shoulders and dismisses the breaches as “inevitable, human error and a trade-off”. He may rue those remarks.

NB: have attempted to contact Threat Toons for copyright permission. But have repeatedly been blocked from accessing their site. Might be the title. Happy to continue trying


10 questions for Hekia Parata

Posted by on August 17th, 2012

There are still a lot of unanswered questions about Hekia Parata’s practice of dobbing in teachers who write to her to complain about government policy to their board of trustees. Fortuitously have an ability to ask them of her! Today I’ve lodged the following Written Parliamentary Questions. I’ll post the answers when I get them here on Red Alert.

  1. How many letters did she receive expressing concern about her government’s plan to increase class sizes?
  2. How many letters did she receive from teachers expressing concern about her government’s plan to increase class sizes?
  3. How many of her responses to letters she has received from teachers expressing concern about her government’s plan to increase class sizes were sent to the Board of Trustees that employs the teacher concerned?
  4. Is it her policy to send replies to any correspondence she receives from teachers to the Board of Trustees that employs the teacher, if so, why?
  5. How many letters did she receive from teachers expressing concern about her government’s plan to increase class sizes where the teacher did not identify the school that they work at, and how many of those teachers received a direct response?
  6. How many letters did she receive from teachers expressing concern about her government’s plan to increase class sizes where the teacher did not identify the school that they work at, and how many of her responses to those letters were sent to that teacher’s employer?
  7. If she sent a reply to a letter from a teacher who did not identify the school they work at to the Board of Trustees that employs the teacher, how did she identify which school board to send the letter to?
  8. Who prepared her replies to letters she received from teachers expressing concern about her government’s plan to increase class sizes?
  9. Did any of the people involved in preparing her replies to letters she received from teachers expressing concern about her government’s plan to increase class sizes access any government database or record system to identify the school the teacher worked at?
  10. Why did she send replies to letters she has received from teachers expressing concern about her government’s plan to increase class sizes to the Board of Trustees that employs the teacher concerned?

Not sure I like the sound of this

Posted by on October 11th, 2010

Government licensing access to the internet. If your computer is thought to be “infected” you get shut down til it is cleansed. A Microsoft executive put up the idea during last week in the US using a health scare (an epidemic or pandemic) as the analogy.

Not sure I like the sound of this. Particularly in the light of discussions around open government and the importance of and need for access to the internet by the population.

But I need to do more research on it. So shall not take a hard and fast view yet.  Privacy issues and cybersecurity keep being raised with me in discussions with a range of tech people across the spectrum.

This is one of the big issues. Keen for your thoughts.

Here’s one take on what Microsoft said

Here’s another :

A new proposal by a top Microsoft executive would open the door for government licensing to access the Internet, with authorities being empowered to block individual computers from connecting to the world wide web under the pretext of preventing malware attacks.

Speaking to the ISSE 2010 computer security conference in Berlin yesterday, Scott Charney, Microsoft vice president of Trustworthy Computing, said that cybersecurity should mirror public health safety laws, with infected PC’s being “quarantined” by government decree and prevented from accessing the Internet.

“If a device is known to be a danger to the internet, the user should be notified and the device should be cleaned before it is allowed unfettered access to the internet, minimizing the risk of the infected device contaminating other devices,” Charney said.

Charney said the system would be a “global collective defense” run by corporations and government and would “track and control” people’s computers similar to how government health bodies track diseases.

Invoking the threat of malware attacks as a means of dissuading or blocking people from using the Internet is becoming a common theme – but it’s one tainted with political overtones


Our private parts… are they?

Posted by on January 12th, 2010

On 9 January, the guy who started Facebook did a public U turn on the site’s privacy policy which has created an online storm.

Facebook founder Mark Zuckerberg told a live audience that if he were to create Facebook again today, user information would by default be public, not private as it was for years until the company changed dramatically in December. He says the age of privacy is over.

How private should the online information about us be? Whether we post it ourselves, or whether someone posts it about us.

Social networking sites like Facebook and the subscribers to those sites are confronting this issue. Read this open letter to the Huffington Post to give you an idea. Google it to read more.

The privacy of our information is a huge issue. Data privacy is key policy ground for governments around the world. There are shifting meanings for what is public and private. But I would contend there is still very much a need and desire by people to keep control of information about themselves. Which seems to me, to be the important principle.

Not sure what right Facebook’s founder has to make a decision on behalf of 350 million subscribers that they don’t care about privacy.

This is important stuff for policy makers and legislators as well as companies.