Collateral Damage
Hat tip to former InternetNZ Chief Executive Vikram Kumar
for his discovering that the TICS and GSCB bills include forcing telcos to
install backdoors into their networks.
This goes a long way past “making sure the data can be
handed over to the authorities” which we’re still unhappy with and goes a long
way out of my comfort zone, especially given the way international intelligence
agencies are using their powers around the world.
So what’s driving the government rush to enact these laws?
Can it be that New Zealand is a hot bed of international terrorists and that we
need to severely curtail public freedoms in order to ensure our on-going
security?
Clearly this isn’t the case. Nor was it the case when the
Urewera raids took place under the auspices of anti-terrorist activity –
charges that were later withdrawn and eventually dropped entirely from the
case.
But even that wasn’t the start to all of this. An online
chat with Judge David Harvey reminded me of the Crimes Amendment Act,
introduced in 2003 which took away our right to remain silent.
Sorry, did you not realise?
If you own a computer (roughly 110% of the population these
days) you’d better know exactly what’s on it, including those pesky system
files that you’ve neither seen nor looked at, because under the Crimes
Amendment Act, you’re entirely responsible for files on your computer.
In addition, if you have encrypted files (I presume I have)
then you’re required by law to hand over the encryption keys to those files.
So if, for argument’s sake, you have a system file somewhere
that you’ve never seen and which you’ve no way of decrypting, you’re still
responsible for it and if a nice policeman taps you on the shoulder and says
“decrypt that file” you’re up for three months’ jail and a fine of $2000 if you
don’t comply.
Harvey described that as synonymous with a police officer
asking you where you were “on the night in question” and you refusing to answer
– something you’re perfectly entitled to do
– and then ending up in the cells for three months.
Even with that level of intrusion we aren’t quite at the
source, because I remembered an even earlier conversation about the
International Law Enforcement Telecommunications Seminar (ILETS).
In 1999, ILETS was telling police representatives from
around the world that what the world really needs is a terrorist event of grand
enough scale that the citizens will clamour for police intervention on a
massive scale. Indeed, ILETS (of which New Zealand was a member) encouraged
participants to draft legislation and PR strategies ready for the day when such
an event would occur and which would then give these agencies the support
needed to get bills passed in the various parliaments.
ILETS was set up by the FBI in the early 1990s and included
representatives from New Zealand, Australia, the UK, US and Canada (sound
familiar?) to promote a “universal wiretap ability” in the newly emerging
internet world.
Governments would be encouraged to gradually allow police
and affiliated agencies more powers to monitor and track movements online so as
to ensure police agencies were able to keep up with criminals. Terrorists were
just an excuse.
From there we moved on to the Search and Surveillance Act, introduced in 2012 and the expansion of police powers that included.
Today we face the introduction of the badly flawed GCSB bill
and shortly, the TICS bill. Both will enable relevant security agencies (and
the police, and potentially IRD and potentially all manner of other government
agency) to access our most secret data and indeed track our real-world
movements thanks to those handy GPS-enabled tracking devices we all carry.
I’m all in favour of the police having the right tools for
the job. If there was evidence that nefarious agents were using encrypted
pathways to communicate and to plan illegal activities, that massive online
money laundering were taking place, that terrorist cells were active or even present
in New Zealand and that we faced a clear and present danger, then I would
support giving the right agencies the right tools. But no such evidence has
been presented or even hinted at, and the badly-drafted laws mean our nascent
cloud computing industry might well be snuffed out before it gets off the
ground in a commercial “blue on blue” incident.
New Zealand needs access to world’s best IT practices if
we’re to compete. We can and should grow our own businesses to take part in the
global economy. We should be able to buy in the best of breed hardware and
technology needed to enable our economy to grow.
Yet these laws mean we won’t be able to do that. Local
businesses won’t be able to deploy internationally because our laws mean
they’ll have to hand over sensitive customer data to New Zealand officials, and
who would buy such a product? International businesses will have to decide
whether or not to operate in such an environment locally, and some businesses
could potentially be excluded from New Zealand because of the laws themselves.
Will Apple or Google chose to operate in New Zealand under laws that contradict
and are explicitly outlawed in the US? Will Huawei be able to build world class
infrastructure here if they’re not on the “friendly” list?
The collateral damage from these bills has the potential to
be huge. The cost of implementation alone is likely to be massive and will be
borne by the telcos and network operators who will, of course, pass it on to
customers, but the lost opportunity for our ICT industry could potentially
dwarf even that price.
Ian Apperley, an independent cloud computing consultant who blogs at whatisitwellington.com, has written a great piece about the potential size of the market and the cost if we miss out.
It’s a quick and dirty economic analysis but I suspect that’s more than we’ve undertaken at government level.