Collateral Damage

Hat tip to former InternetNZ Chief Executive Vikram Kumar for his discovering that the TICS and GSCB bills include forcing telcos to install backdoors into their networks.

This goes a long way past “making sure the data can be handed over to the authorities” which we’re still unhappy with and goes a long way out of my comfort zone, especially given the way international intelligence agencies are using their powers around the world.

So what’s driving the government rush to enact these laws? Can it be that New Zealand is a hot bed of international terrorists and that we need to severely curtail public freedoms in order to ensure our on-going security?

Clearly this isn’t the case. Nor was it the case when the Urewera raids took place under the auspices of anti-terrorist activity – charges that were later withdrawn and eventually dropped entirely from the case.

But even that wasn’t the start to all of this. An online chat with Judge David Harvey reminded me of the Crimes Amendment Act, introduced in 2003 which took away our right to remain silent.

Sorry, did you not realise?

If you own a computer (roughly 110% of the population these days) you’d better know exactly what’s on it, including those pesky system files that you’ve neither seen nor looked at, because under the Crimes Amendment Act, you’re entirely responsible for files on your computer.

In addition, if you have encrypted files (I presume I have) then you’re required by law to hand over the encryption keys to those files.

So if, for argument’s sake, you have a system file somewhere that you’ve never seen and which you’ve no way of decrypting, you’re still responsible for it and if a nice policeman taps you on the shoulder and says “decrypt that file” you’re up for three months’ jail and a fine of $2000 if you don’t comply.

Harvey described that as synonymous with a police officer asking you where you were “on the night in question” and you refusing to answer – something you’re perfectly entitled to do  - and then ending up in the cells for three months.

Even with that level of intrusion we aren’t quite at the source, because I remembered an even earlier conversation about the International Law Enforcement Telecommunications Seminar (ILETS).

In 1999, ILETS was telling police representatives from around the world that what the world really needs is a terrorist event of grand enough scale that the citizens will clamour for police intervention on a massive scale. Indeed, ILETS (of which New Zealand was a member) encouraged participants to draft legislation and PR strategies ready for the day when such an event would occur and which would then give these agencies the support needed to get bills passed in the various parliaments.

ILETS was set up by the FBI in the early 1990s and included representatives from New Zealand, Australia, the UK, US and Canada (sound familiar?) to promote a “universal wiretap ability” in the newly emerging internet world.

Governments would be encouraged to gradually allow police and affiliated agencies more powers to monitor and track movements online so as to ensure police agencies were able to keep up with criminals. Terrorists were just an excuse.

From there we moved on to the Search and Surveillance Act, introduced in 2012 and the expansion of police powers that included. 

Today we face the introduction of the badly flawed GCSB bill and shortly, the TICS bill. Both will enable relevant security agencies (and the police, and potentially IRD and potentially all manner of other government agency) to access our most secret data and indeed track our real-world movements thanks to those handy GPS-enabled tracking devices we all carry.

I’m all in favour of the police having the right tools for the job. If there was evidence that nefarious agents were using encrypted pathways to communicate and to plan illegal activities, that massive online money laundering were taking place, that terrorist cells were active or even present in New Zealand and that we faced a clear and present danger, then I would support giving the right agencies the right tools. But no such evidence has been presented or even hinted at, and the badly-drafted laws mean our nascent cloud computing industry might well be snuffed out before it gets off the ground in a commercial “blue on blue” incident.

New Zealand needs access to world’s best IT practices if we’re to compete. We can and should grow our own businesses to take part in the global economy. We should be able to buy in the best of breed hardware and technology needed to enable our economy to grow.

Yet these laws mean we won’t be able to do that. Local businesses won’t be able to deploy internationally because our laws mean they’ll have to hand over sensitive customer data to New Zealand officials, and who would buy such a product? International businesses will have to decide whether or not to operate in such an environment locally, and some businesses could potentially be excluded from New Zealand because of the laws themselves. Will Apple or Google chose to operate in New Zealand under laws that contradict and are explicitly outlawed in the US? Will Huawei be able to build world class infrastructure here if they’re not on the “friendly” list?

The collateral damage from these bills has the potential to be huge. The cost of implementation alone is likely to be massive and will be borne by the telcos and network operators who will, of course, pass it on to customers, but the lost opportunity for our ICT industry could potentially dwarf even that price.

Ian Apperley, an independent cloud computing consultant who blogs at whatisitwellington.com, has written a great piece about the potential size of the market and the cost if we miss out.

It's a quick and dirty economic analysis but I suspect that's more than we've undertaken at government level.