Kiwiblog

In the SST, a story from Nicky Hager had the headline:

NZ’s cyber spies win new powers

Like many, I wondered what law change had been quietly passed into law in late 2009, without us noticing.

NEW CYBER-MONITORING measures have been quietly introduced giving police and Security Intelligence Service (SIS) officers the power to monitor all aspects of someone’s online life.

The measures are the largest expansion of police and SIS surveillance capabilities for decades, and mean that all mobile calls and texts, email, internet surfing and online shopping, chatting and social networking can be monitored anywhere in New Zealand.

Oh my God. When did this happen? Actually back in 2004. Not exactly new.

And it is not giving the SIS and Police the power to monitor themselves – it gave them the power to get a warrant to get a telco or ISP intercept communications – just as they have had the power for many decades to get a warrant to have phone calls intercepted.

Now this doesn’t mean I necessarily support the 2004 law change. I’ve blogged a series of articles highlighting draconian provisions in the Search and Surveillance Bill before Parliament. Nicky’s article would have been more useful however in 2004, than in 2010.

Police and SIS must still obtain an interception warrant naming a person or place they want to monitor but, compared to the phone taps of the past, a single warrant now covers phone, email and all internet activity. It can even monitor a person’s location by detecting their mobile phone; all of this occurring almost instantaneously.

Police say in the year to June 2009, there were 68 interception warrant applications granted and 157 people prosecuted as a result of those interceptions.

What would be interesting is the details of those 68 warrants – were they for all Internet activity, or just some?

The measures are the consequence of a law, the 2004 Telecommunications (Interception Capability) Act, which gave internet and network companies until last year to install devices allowing automated access to internet and cellphone data.

Telecom, Vodafone and TelstraClear had earlier 2005 deadlines, and new cellphone provider 2degrees installed the interception equipment before launching last year.

So these “new” powers have actually been in place for four to five years, for 95% of the Internet population.

In an associated article, Hager says:

Not long ago, police and Security Intelligence Service (SIS) interception meant tapping your landline phone or bugging your kitchen. Now, under a new surveillance regime ushered in by the 2004 Telecommunications (Interception Capability) Act, a basic interception warrant also allows them access to all your emails, internet browsing, online shopping or dating, calls, texts and location for mobile phones, and much more – all delivered almost instantaneously to the surveillance agencies.

To catch other sorts of communications, including people using overseas-based email or other services, all the local communications networks are wired up as well, to monitor messages en route overseas.

Interception equipment built permanently into every segment of the country’s communications architecture will provide the sort of pervasive spying capability we normally associate with police states.

Now Hager is right in that all telcos and ISPs have to have the capability to intercept all Internet communications by a user, if presented with a warrant. However what is not made clear in the article is that the ISPs themselves do the intercepting, and forward the data onto the appropriate authority. The article almost implies that the Police/SIS/GCSB can merely push a switch remotely, and hey presto your data flows to them.

The law gave network companies five years to install the intercept capabilities and the five years was up last year. Many network companies dragged their feet about installing the new surveillance equipment, despite government subsidy of the cost. After four years of inactivity, a consultant with police and SIS ties attended the NZ Network Operators Group conference in Dunedin last year to read them the riot act.

Dean Pemberton, who had previously set up and run “lawful interception” equipment at TelstraClear, told the roomful of network specialists what “the agencies” expected from them and said the agencies expected them to install devices that could intercept data and forward it to the agencies “on a minute by minute basis”. If companies didn’t have this gear in place, they risked a $500,000 fine and “should get a lawyer”, he said.

This part of the article is rather misleading, and I can speak from first hand knowledge as I was at that conference when Dean spoke.

The first thing people should understand is that Dean is what I call an alpha geek He is one of the guys who built the Internet in New Zealand and he attends and presents almost every year without fail to the NZNOG Conference.

In 2008 he spoke of his experiences with the Interception Act requirements, and what you had to do to comply. I doubt a single person in the room saw this as Dean “laying down the law”, let alone the implication he was speaking on behalf of the SIS or Police. Dean was doing what he normally does – sharing his experiences with the technical community.

There’s some good research in Nicky’s article about how the FBI were a prime mover in the request for NZ to have the interception capability, and it is true many NZers will be unaware of the interception capability. However the article would have been a lot more useful in 2004 when the law was being considered, or in 2005 when the big telcos implemented it.

Next I await a story about how the Post Office has been given new powers to intercept and read postcards

I am a keen recipient of the trans-tasman newsletter. You often read material in there not reported elsewhere. A great example of this is quoted in this week’s newsletter:

Excitement in the media about the Govt undertaking a review of NZ’s intelligence services scaled considerable heights this week. A Treasury official dropped a notebook in the street near Parliament, which contained some details about the review being carried out by former MFAT chief Simon Murdoch. The notebook was retrieved by a Radio NZ political journalist, and initial news reports sent competing media into a frenzy. However John Key deflated the excitement when he told journalists the review had been twice reported earlier in Trans-Tasman. The first, inthe July 2 issue, said a review was being planned of the agencies, and the second on July 16 indicated Murdoch would carry out the review.

So while still highly embarrassing for the Treasury staffer who lost the notebook, there was not actual revealing of anything not already in the public domain.

The newsletter also notes:

We have noted before Labour’s viscerally venomous attitude towards National Ministers Paula Bennett and Anne Tolley. This goes way beyond the normal tensions of political conflict. Labour MPs – especially their women MPs – appear to find the very existence of Bennett and Education Minister Tolley infuriating. You can almost see the wall of red mist descending over Labour’s front bench every time those two Ministers get up to speak. …

The attitude is actually an odd kind of snobbery. There is an unspoken “how DARE you?!” from Labour’s front bench towards Bennett and Tolley. It is a rage these women, who in Labour’s eyes should be, firstly, on a benefit themselves somewhere and, secondly, loyally supporting Labour as a consequence.

I recommend people tune into question time to see what the newsletter describes.

NZPA report:

Staff from a radio station have found notes handwritten by a senior government servant suggesting a merger of New Zealand’s two state intelligence services.

Radio New Zealand reported finding the notes on the street, with the merger one of three options to be considered in a review of the sector.

The State Services Commission confirmed former Secretary of Foreign Affairs, Simon Murdoch, was to consider ways for the security services to work more effectively.

I doubt the services will be impressed by such notes being left lying about.

Not sure what the pros and cons of merging the SIS and GCSB would be. The SIS have greater protection under the law. It is illegal to name any staff member except the Director. The GCSB does not have the same protection.

The review might extend beyond the SIS and GCSB of course. There is also the External Assessments Bureau in the Department of Prime Minister and Cabinet, and the co-ordinating role of DPMC’s Domestic and External Security Group.