Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Zealand Government To Snoop On E-mail

Posted by timothy on from the give-an-inch-they'll-charge-you-rent-on-it dept.

Hairy1 writes: "The New Zealand Government is planning to increase the powers of the police so they may intercept e-mail, according to the The New Zealand Herald. Paul Swain wants to exempt police from laws against hacking so they may snoop into emails. Read the story." "Recent history suggests the usual glib official assurances that such organisations and people will not be snooped on by state security and intelligence services will be worthless," the story quotes the spokesman for a group called Gatt Watchdog as saying, but insert-your-cause-here. Hard to watch just a few people's e-mail.

14 of 140 comments (clear)

  1. I'm from the government.... by www.sorehands.com · · Score: 3
    I'm from the government and I am here to help you.

    Only criminals don't want the police to search their car/house/purse/pockets?

    The check is in the mail.

    Three lies.

    In a free country to keep ones rights, you can't surrender them. For when you do, it ceases to become a free country.

    --
    Fight Spammers!
  2. Why one should be worried about other countries by rodgerd · · Score: 5

    This is, of course, why people should be worried about what happens in other countries. Whenever something unpleasant happens in the US, smug Europeans tend to have a good laugh, and vice versa.

    This is a perfect example of why such smugness is so dumb. Attempts to grant police more draconian powers in .nz are being justified with the UK RIP bill; no doubt people in the US will be unpleasantly surprised when the FBI justify Carnivore (and more) on the same grounds.

    Once it is considered acceptable for one country to behave abhorrently, other governments will do the same. How often have you heard proponents of strong government point to Asian dictatorships like Singapore as evidence of what could be achieved by strong government unquestioned (and unquestionable) by the people?

  3. Re:The domino effect... by Skald · · Score: 4
    The US is the only country bull-headed enough to be FOR landmines.

    My Greek friends were bitching to me about this treaty a few years ago. Seems they used to have the mountains along the Albanian border mined, and never had any problems. Then the mines came out, and they started having problems with packs of armed bandits crossing the border at night, pillaging isolated houses, and slipping back before dawn.

    I don't know how popular or unpopular the treaty was with most Greeks. But I do suspect mines, like most things, aren't such a black-and-white issue.

    --

    "The best we can hope for concerning the people at large is that they be properly armed." - Alexander Hamilton

  4. Echelon does this already. by Eugene+Cabanopscotch · · Score: 4

    (I live in NZ) Who cares really if the Police will be able to read email, considering that 75% of NZ's international traffic is brought in over satellite (in some cases using Cisco's weak export grade encryption) does it really matter when the Echelon station in Waiopai has been reading our email since before there was email?
    Not only that, but our Government doesnt even have access to this data - they let the US and Australia snoop our private communications and cant even check to see that it's not being abused!
    Much more frightening that someone reading my personal mail (usually innane messages to my friends anyway) is the thought of other countries using this information to make sure that the next international contract my company is tendering for goes to someone else!

    That will be all.

  5. Terrorism smoke screen by Angst+Badger · · Score: 4

    In the last century, the democracies of the world fought innumerable wars, with tens of millions of casualties, to prevent the loss of our freedoms at the hands of fascism and communism. No one suggested that we surrender our freedoms to Hitler or Stalin in order to avoid battlefield casualties. But today, the governments of the English-speaking countries and more than a few of our European allies are suggesting that we surrender our freedoms to avoid a few dozen deaths a year from terrorism. What a crock!

    Freedom comes at the price of bloodshed, folks. And these days, it's surprising little bloodshed. Terrorism exists precisely because the enemies of freedom lack the power to do significant damage, so they concentrate on some high-profile but not especially great carnage. Terrorism should be suppressed to the best of our ability, of course, but please bear in mind that more people die in domestic disputes every night in America than die in terrorist attacks in a decade. Terrorism is only an issue because we allow ourselves to be panicked by a few crazies.

    In the one case that could have been a major terrorist disaster -- the World Trade Center bombing -- the disaster was averted by the ignorance of the terrorists, not Carnivore. The intelligence agencies like to make mysterious noises about all the attacks they've averted, but we never see any evidence to back up those claims.

    State security is a dangerous thing. The very apparatus necessary to ensure total security is the same apparatus necessary to ensure totalitarian rule.

    I can't speak for other countries, but we have much more pressing problems in America. Tens of thousands die every year on the highways due to drunk drivers; somewhere between one-sixth and one-third of all women will be sexually assaulted at least once in their lives; child abuse and neglect is rampant; the two leading causes of death for minors are murder and suicide. When we make progress on those fronts, then let's pour our resources into chasing a handful of terrorist acts. Until then, don't tread on me.

    --
    Proud member of the Weirdo-American community.
  6. Encryption is not enough by Morgaine · · Score: 3

    Encryption on its own is not enough to deal with the issue of mail interception. The interceptors are giving themselves progressively greater powers to ensure that encrypted mail can either be decrypted by them or used as incriminating evidence in its own right by being encrypted in the first place.

    The problem is inherent in the current naive SMTP/POP3/IMAP model of mail service. It served us well for two decades, at a time of network openness and innocence. That time has now gone. DARPA researchers wanted to make their network stand the odd atomic bomb. Now we have a different evil to overcome.

    Here are the key aspects of the problem, and the areas that a solution would need to address: Time to replace SMTP/POP3/IMAP.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
  7. Quite the trend.... by Lucretius · · Score: 4

    We'll, we've been hearing about the United States governments actions in regards to the monitoring of email (the carnivore system, etc), and now its about the right time for the rest of the world to come in a bit too. It does look as if all governments are taking it upon themselves to monitor email for "illegal activity" which brings up some interesting questions.

    Why do governments beleive that email is different than snail mail? Is it because its easier to use, or just easier for them to read? I'm not quite sure, I tend to think that they are treating it like phone lines because they can, not because of any sort of precedent. You can't open up a snail mail letter because of the envelope and people would know you're reading it, but you can easily tap a phone line, as its not as easy to detect the intrusion of privacy. Email follows the path of the phone line, but its just easier, as they can just intercept it before it gets there, and there is really no way for anyone to know if they've read it. I guess this is quite obvious material...

    While I have nothing to hide in my emails, I guess its just starting to piss me off that all the governments of the world are starting to take their turns reading my email just in case I might be a terrorist threat. Seriously now, how many terrorist organisations would be dumb enough to not encrypt their emails that they send to each other, its ludicrous. I for one am going to start encrypting everything just to piss of the government...

    If enough people would do this sort of thing, it would be impractical for the government to do this sort of thing, and hopefully it will just go away.

  8. we live in frightening times by The_Messenger · · Score: 5
    Goddammit, it seems like with every day that passes, we have less of an excuse not to encrypt interpersonal communictions. I'm surprised that businesses don't require employees to encrypt any mail that leaves the intranet.

    Fucking government assholes... if you weren't such snooping bastards, maybe I wouldn't feel it was necessary to ensure my privacy. My problem is that not-so-savvy friends and business associates require me to use cleartext e-mail. Ah, life is depressing...

    ---------///----------
    All generalizations are false.

    --

    --
    I like to watch.

  9. It's time to replace SMTP/POP3/IMAP folks by Morgaine · · Score: 3

    There are five aspects of Internet mail services that have attracted this attention from the interceptors:

    1. Mail addressing is in the clear during transport.
    2. Mail content is in the clear during transport.
    3. Mail storage is in the clear after delivery.
    4. Senders send mail to their own ISP's servers.
    5. Recipients receive mail from their own ISP's servers.

    (This refers to the mail services used by the largest proportion of Internet users, the ordinary Joe Bloggs with a dynamic dialin account with a free or very low-cost high-volume ISP.)

    These features together have been instrumental in the current domino effect as more and more countries decide to violate their citizens' privacy. They provide the interceptors with a known fixed point at which to intercept any given person's mail, full knowledge of where his mail is going, full knowledge of the source of incoming mail, and full legibility of the content of correspondance.

    If you consider the nature of the people concerned, one might as well have called these mail standards the Please Intercept Me Protocol. We've made it ridiculously easy for them to snoop, so they're doing it. It's our fault. You can't blame them for lack of scruples -- if they had any, they wouldn't have placed themselves in a position where they can wield coercive power over others.

    So, let's take our standard catch-all phrase and modify it to suit the new circumstances: The Internet interprets mail interception as a fault and routes around it.

    In other words, let's create a mail system with the following attributes:

    1. Mail addressing details are not visible except between pairs of delivery points, which see only the from/to information that applies to them at that point in the transport. Multiple layers of encryption keep all other details of addressing invisible. Something along the lines of onion routing seems feasible.

    2. Separation of payload from addressing, and the payload is of course always encrypted. Encryption must not be optional, ever, and apart from a strong default, the encryption algorithms used must be arbitrary, multiple, and unidentified.

    3. No storage of mailboxes on a customer's ISP's servers. This can be addressed either by using remote servers in safe jurisdictions, or preferably by doing away with the concept of remote mailboxes altogether, ie. keeping mail in transit at various dynamic funnel points until the destinee appears online and signals his presence.

    4. No single transit destination for a person's mail. The biggie here is that MX records direct mail to the fixed point of the ISP's choosing, so this whole methodology needs revising to allow the use of a dynamic set of customer-chosen remote funnels instead.

    5. Senders should not send mail to their own ISP's relay as smarthost, but bypass it, ie. communicate directly with some remote destination. Unix-type boxes already do direct end-to-end delivery by default anyway, but the new scheme should make that the norm on all platforms.

    Well, that doesn't sound like a particularly difficult spec. Let's have a little think about it, rummage around the IETF to see if there's anything already in the works that might do the trick or be a good starting point, and get to it.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
  10. Socialists and Big Brother by John+Jorsett · · Score: 4

    I find it interesting that the more socialist governments seem to be the ones first out of the box with these sorts of proposals. Australia, New Zealand, Great Britain, France, etc. talk a good game about being for the ordinary person, but are the first ones to heave individual rights over the side when it suits them.

  11. If these get passed by Dyolf+Knip · · Score: 3
    They haven't said anything about a "you must give us your encryption keys" aspect of the NZ law, but they may very well follow the UK's lead in that regard. I'm really curious to see what happens the first time someone gets thrown in the slammer for refusing to provide a password. Really, it's just like giving someone a prison sentence because they refuse to confess to a crime, regardless of their guilt or innocence. Oh but don't worry, it'll only be used on people who we're sure are guilty. You have the solemn word of the government on that, yessir.

    Damn, but this whole thing stinks.

    --

    --
    Dyolf Knip
  12. Encryption ideas I haven't seen suggested before by bee · · Score: 3

    Everyone has heard this before: "You should send all your email encrypted, not just the important stuff, so that (insert many good reasons here)".

    In a perfect world, this would in fact be the optimal solution. But, realistically, since this isn't happening any time soon, how about some other options that at least get us part of the way there?

    1) Add encryption into sendmail's transmission of mail. The goal here is to have the actual email traffic sent over the open wire encrypted, like ssh traffic is. OpenSSL could be used for this. Of course this does nothing to protect you if your computer is cracked or stolen (including by the gov't), hence:

    2) Store mail (in /var/mail) in an encrypted form. Again, this involves adding something onto sendmail, this time when the mail is written into the mail spool. This would be a bit more tricky than 1), since user mail programs would either have to be able to do the decryption or call some agent to do it for them.

    Despite the complications in 2), these still both seem very doable to me. 1) would require extending the SMTP protocol slightly, so that mailers can talk to each other and send things between each other in an encrypted form only if both are encrypted-capable. Has anyone else thought of doing something like this before? Is it as feasible as I think it is (or am I just low on sleep and not thinking clearly)?

    ---

    --
    At least mafia-owned pizzarias make excellent pizza. Compare to Bill Gates.
  13. Why new tech gets govt interest by A+nonymous+Coward · · Score: 5

    I believe it's just standard power control freak activity. Look at telephone wiretaps. I personally find them abhorrent, a violation of privacy, etc. Way too open to abuse. I don't even like the idea of police listening to closed doors. But I digress :-)

    Think back to before the telephone. Criminals has to meet face to face or send letters, and I doubt letters did much for simple crime. Most likely, to organize a bank robbery or any kind of activity, they met face to face. The only way for police to listen in was informers in the meeting, or ear to the door. I doubt there was much ear to the door stuff, it would be too easy to prevent. So there wasn't a whole ot of police listening in on crooks.

    Then along comes the phone. Crooks weren't stupid, they could see how they could get together for a combined effort so much easier with a few phone calls. Police recognized this too, but suddenly they had the *capability* of listening in without having to put their asses in danger from twitchy guards protecting the meeting. And just like nowadays, they conned a mostly ignorant public into going along with their plans, with much the same message -- the innocent had nothing to fear, there would be no abuses, etc.

    IIRC wiretaps were originally thrown out of court until Congress passed some enabling legislation, which did not get completely smooth sailing. There was debate, but not enough. Probably a web search would refresh my memory, but I haven't a clue now where I read this, or how much I remember correctly.

    --

    --
    Infuriate left and right
  14. Hmmm... by BJH · · Score: 3

    One of the things about New Zealand that lends itself to this sort of official snooping is the small number of providers. There's maybe three nationwide providers, and not that many smaller ones, so the government has only a few points to cover in order to read 90%+ of email. Added to that is the limited number of overseas links, and you have a situation ripe for official suppression.