Slashdot Mirror
NZ Government Pushes For Wide Spying Powers
lim-bim-tim-wim writes: "The New Zealand government is planning to introduce powerful legislation to enable the Police, GCSB and Security Intelligence Service to hack into computers without the knowledge of the owner. Owners will also have to give up cryptographic keys and passwords on demand. ISPs and telecom companies will have to provide backdoors for government agencies. So how does this affect you? It appears this has been brought about by pressure from the FBI. So maybe your country is next. There is a short story at www.stuff.co.nz "
The article appears here.
This reminds of a story I heard (can't remember where). Anyway, some people were discussing privacy and one person said just what you said "What are you trying to hide?"
Another person, whom she was arguing with, picked up her purse and begin looking through it. She immediately snatched it back.
The person who took her purse said "Get the point?" She did.
--
One of the wonderful things about the US is that their are no guards along state borders, no documentation is needed to travel inside our borders, and other things along these lines. I think that this is part of the reason why we do not see many terrorists attacks in the US. Blowing up a building where there is no security and hurting innocents does not make for good relations with the people whose opinions you are trying to sway. However, some people think that terrorist activities in places where the government is supposed to protect them will make the people feel less secure about their government. Having said this, I think that there is an important lesson here - how people behave is usually directly related to how they are treated. If you let people have their freedoms and privacy chances are they are going to do the right thing. Of course, there will always be a few jackasses who will do bad and destructive things, but I feel that this is inevitable. What I hate about are politicians and some of the general public is that they feel that they have to protect us from anything and everything. I would much rather have things they way that they are now, and run the chance of accidentally getting caught in a terrorist incedent (which are probably less than winning the lottery), than live in some nazi-like Orwellian future. People never realizing that things really are not that bad, and the fact that we have a bunch of jackasses running around trying to scare people into justifying their jobs now that the cold-war is over, is not conducive to the public well being. street sweeper 2565 reporting from the land of anthem
Either give it away or get top dollar, but never sell yourself cheap.
Someone needs to write a pgp-driven encryption tool that works as follows:
It take a file to be encrypted, encrypts it, appends it to either another encrypted file using a different key, or a noise file encrypted using a random and discarded key, then merges the two and encrypts again using the first file's key.
Use this tool all the time whenever you encrypt anything. It will result in files twice the size of the original, but you can legitimately say you only have the key for one half of the file, and the other half is noise, as demonstrated by examining the open-source encryption program. However, it's entirely possible that the person could choose to merge in another, 'secret' encrypted file instead of the noise file, and this could only be proven if that key is discovered or cracked.
If such a program went into widespread use, the Enzed gov't would either have to prosecute everyone who used the program, despite the fact that they're breaking no laws, or they would lack any means of obtaining keys (which they can't prove even exist) to uncover data they similarly can't prove the existence of.
Kevin Fox
Kevin Fox
Ignoring all the issues of the role of government, etc. this is the usual response of a government. To wit: You are behind the times by about 5 years. In a peer to peer high speed interconnected world, something that I wanted to keep from others eyes might not even be on the same continent as my computer. Indeed, it might not be on any one computer, but on several computers in seemingly meaningless pieces. Thus this sort of action will only "catch" the small fry. The governemnt will (of course) trumpet this as a grand examaple of the sucess of the action, but the folks who are running the real crimial exercises (and for whom such draconian measures might possibly, in the wildest imagination be justified) will conduct business as usual.
Given that our SIS can't get into a house without being caught
I have doubts. Incompetant as they clearly are, luck played a significant factor - it would have looked like just a normal burglary otherwise. I know people who have been persecuted by the SIS (for apparently "terrorist" activities like opposing nuclear weapons while the Bomb was still trendy), and it wouldn't surprise me in the slightest if they were busy violating civil rights left, right and centre. The only times they even have to admit possible involvement is when the victim happens to have the money, time, and evidence to achieve the half a dozen successfull court verdicts and appeals needed to wring an admission from them. You don't need to be competent when the full force of the law places you above the law (even if, in theory, you're not above it, but it seems that that theory is really just a fairy tale to satisfy the citizens).
Is there a "public discussion" about those things? What about oppositions parties?
:-)
The new laws were proposed by the opposition when they were power, and the current government (which Does Not Get Along with the ideas of the previous government) is happily continuing the work.
Unfortunately, if you try to watch the intelligence game, it emerges that all parties who have been in power tend to be enamoured of "intelligence" powers, because (among other things) "national security" is so damn useful for keeping the public from finding out about all the dirty laundry when, ironically, it would be the nation's best interests to know when major botch-ups and gross incompetence takes place
I competely agree about public apathy. Here, if you claim the SIS are watching you (be it because they're so incompetant it's obvious, or that they're overtly trying to intimidate you), the result is public derision and ridicule that "you obviously have an inflated sense of your importance". Most people seem to have the spy-movie idea that these agencies are competent enough (and idealogically balanced enough) to target actual threats and not Joe Bloggs on the street because his flatmate painted a "free Tibet" banner or some other "terrorist" activity...
This isn't a flame - this _is_, at least in terms of population, a low density backwater.And that's the way we like it. Less people, less pollution. And we've got a high rate of per capita technology uptake.
... and today's pet project has
However, this may be slightly OT, but no matter...
Laws are crazy - here in the States, they get so convuluted, arbitrary, and strange - esp. from state to state!
I was recently looking up a California law regarding a speeding ticket I got (I rightly deserved the ticket). In the process of looking up the law on the net (as well as checking the Arizona equivalents - AZ being my home state), I came across an interesting Cali law:
Did you know, that in CA, if so much as a single spark leaves your vehicle, you are "breaking" the law? The law was designed (I presume) to prevent smokers from throwing lit butts out their windows while going down the freeway, setting the dry, drought stricken land on fire. Which sounds OK - however, the way the law is worded, a simple, single spark would be enough to "trip" the law. IOW, say you light up a cigarette in your car, and the flint on your Bic breaks, and a trailing spark flies out your window. As soon as it does - you are breaking the law, regardless of whether the spark is still burning (or even hot) by the time it hits the ground...
Crazy, huh?
I support the EFF - do you?
Reason is the Path to God - Anon
So you tell me whose running the show - it sure ain't the FBI.
I think you're idea of international diplomacy is a little off the mark. The coercion you talk of is far in excess of what is needed to pressure a small nation like NZ. It's done in the name Maintaining Good Relations. Blackmail is unwarrented. This doesn't mean that pressure cannot be applied. (Though as you suggest, it appears to be a case of the pressured party being reasonably willing to head in that direction to begin with...)
New Zealand is seeing a steady erosion in privacy and individual liberty, all in the name of crime prevention and detection. We host the Echelon system, we have passed laws restricting freedom of association with known criminals (tough shit if you're a social worker, eh?), we've made it easier for the police to obtain telecomms interception warrants, and we have a proliferation of cameras whose main effect is to drive street crime onto the fringes of cities instead of the centre.
This has happened with the best of intentions, aided by people who would be horrified at the suggestion that they were bit by bit contributing to the apparatus needed for a totalitarian state.
Unfortunately, privacy violation has no direct physical effects on people - it enables other abuses - so it's hard to muster public opposition until the abuse of power leads to some outrage. Of course, by that stage it may too late.
Therefore, I don't see much hope of a mass movement supporting privacy rights, especially when the inflammatory issues of paedophila and gangs get dragged in. Rational debate is futile in the face of Paul Holmes. (Overseas readers: The Holmes show is a popular television programme masquerading as a current events show but specialising in the pornograpphy of emotion). Abused children are a concrete wrong people can get upset about, invaded privacy is an abstract hurt that doesn't motivate sympathy.
However, every concerned Kiwi reader should think about joining the political party of their choice to try and make this an issue in their own party. This is an issue that crosses party lines. It's cheap to join any of NZ's mainstream political parties, and now that membership is so low in most of them, individual participation can have more effect than it could in the 70s or 80s.
I don't think crypto is the answer, since even when it is easily used, most people cannot protect their keys, and behave in ways that compromise security. In any case, I want to live in a society where I can assume I am not being monitored, not one where I have to consciously protect my communications.
Personally I feel despondent about checking this trend. We're seeing more instrusive "news" (how did you feel when your husband was shot), a rise in gossip and scandal, and shows whose whole rationale is snooping. The more and more we use invaded privacy for entertainment, the more we become inured to the idea that our private lives can be fodder for other people, and our privacy of little value. But I can't sit still.
--I'm sure any president would veto something like this; if not the courts would likely strike it down.--
Like they'd never authorize a national ID card? BUZZ...that law was passed in 1996, and went into full effect this month. Now you can't even get a fishing licence without it. (AKA social security number)
But this is not the point of my post...
The reason the US is pushing these countries is two fold:
#1 It wants to control the world
#2 There is a 'loophole' in the federal U.S. constitution stating all treaties must be fully recongnized. So what you ask? It allows congress to pass a treaty with another country, that if it was put into effect as a normal law, would be subject to the courts knocking it down as unconstituional. But instead since the treaty is an 'extension' to the constitution, the courts won't touch it.
Dereliction of the courts? Of course...but any excuse they get to weasal into your rights they take.
How many people out there with a computer are actually terrorists? How many people have been caught plotting a terrorist activity by the FBI using something like a network sniffer or Carnivore? Pedophiles, on the other, have been caught under certain circumstances. I would love to see pedophiles and terrorist get thrown in jail, but to give up everyone's right to privacy and to make potential criminals out of everybody is not the way to do it. I will NEVER consent to this type of fascist orwellian abuse of power. I will stop surfing the net alltogether should this happen. I know what you're thinking... "yea yea, whatever dude." However, I'm dead serious on this one. I value my freedom and my privacy more than anything and no I don't have anything to hide and I'm no criminal, however I do believe I am entitled to certain rights! On the other hand, I can only stand in horror and dismay at the eroding freedoms in the US. I posted a rant on Kuro5hin called Has the US government become to hungry for power? In this rant I pointed out some abuses by corporations and government both overseas and on the local front. I encourage you to read it.
If the FBI indeed pressured the NZ government to do this then a similar plan is in effect here. I mean we do have carnivore, but to have a backdoor to everyone's PC? That is an Orwellian nightmare! What about fourth amendment protection against searches and seizures? If they can go into your computer at will, the fourth is standing on it's last leg. Wait, civil forfeiture laws already have the fourth amendment on it's last leg. Well, so much for the fourth.
My point here is, if you give the government and inch, it will take a mile. This is an attempt by government to make potential criminals out of it's citizens. If everyone is suspect then the police don't have to justify a warrant. This is the end of your civil liberties buddy! It is sad that governments are using this technology to spy on their own citizens. What is more sad is that you buy into their lie and believe that government is doing this for your protection. It is doing this to have more control under the guise of "protecting the innocent." Sorry, I don't buy this and neither will anyone else with half a brain. Whether we can do anything about it is another story alltogther.
"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -- Benjamin Franklin
the government knows more and more about what individuals are doing, which allows them to quickly focus on the dangerous ones
Unfortunately, for reasons of "national security" the SIS are above public scrutiney, which means there is no accountability or safeguards (the legal safeguards are effectively useless - you need to prove involvement before you can use them, and you need to use them to prove involvement) - a one way ticket to incompetance and abuse.
As happened in the past, and happens today, the SIS will be too busy pursuing those who deviate from their preferred ideology to ever actually get the real threats.
The classic example: The SIS is charged with defending NZ from enemy intelligence agents. The Rainbow Warrior was bombed by said foreign intelligence agents, and the SIS didn't do squat because they were too busy watching their ideological threat - the anti-nuclear protesters whom the agents bombed. To the SIS, French intelligence were the good guys because France had the Bomb, and anyone who opposed nuclear weapons was either a dumb housewife, a commie terrorist bastard, or both.
The closeted, inbred, secretive, paranoid culture of the SIS precludes them ever being effective, or ever not being a threat to average Joe-on-the-street.
The leftist attitude is we are all...
You've missed most of the picture. Intelligence powers are beloved by governments across the spectrum. Leftist ones don't like surveillance powers, but like those on the right, quickly discover how useful it is to keep the dirty laundry under "national security" and away from the public.
You should also note that many of these laws you claim come from the left actually came from the right. New Zealand for example, is acting on laws drafted by the previous, right-wing government.
I think you're making a mistake in twisting and interpreting the events to support your ideology.
I'm working in the UK right now. On Friday, I made the mistake of telling a meeting full of Englishmen that their government was bad and stupid, and how things were better back in New Zealand. After all, we have a Bill of Rights, a Privacy Commissioner, and the most uncorrupt administration in the Southern Hemisphere.
I'm going to take it all back on Monday.
It looks like what is needed is a multi-key type system. The idea is you generate some keys and get a semi-trusted 3rd party to keep one. Then to decrypt the data, you need your key and the trusted 3rd pary's key to decrypt any data. Even if you are forced to turn over your key, the other party may simply refused to turn over their key. This can be assisted by having either several keys that are all required and having friends that are far away. Add a tamper switch on the box that can be remotly tested by the 3rd party and you'll have one tough system to crack.
The Eftpos machines (credit card swipe devices that also use atm like encrytpion for debit cards) used in Australia have a key loaded into ram with the program. The tamper switch kills the power to the ram so the program and keys are all destoryed when you open the case.
When you get a bit older, and the government consistently oversteps its bounds to screw you over bit by bit, inch by inch, all in the name of "protecting you," sooner or later you will wonder how it happened.
Maybe you'll be audited. Maybe you'll sell your car to somebody who racks up $15k of violations, but due to a filing error, the DMV still thinks the car is yours and the cops have a warrant out for your arrest (don't laugh, this is happening to a friend of mine). Maybe you'll write a piece of software that somebody doesn't like. Maybe you'll write a book that somebody doesn't like.
You sound like you still have a lot of life to live. Once you spend a few more decades in the REAL world, and learn a bit more about human nature, and the nature of governments you will realize how naive you sound.
On the other hand, maybe you are a troll.
The history books are full of martyrs who died at the hands of somebody with a righteous cause of "protecting the innocent"
What if you are being persecuted under laws you don't happen to agree with?
I bet they're not going to be very good at it .... you wait - pretty soon they'll be licensing private firewalls ... and demanding their own backdoors ...
I remember them at a political demonstration in the early 80s - they stood out like sore thumbs - they were all ex-military and still looked it .... they opened a 'secret' office in my home town to watch the russian fishing boats .... disguised as a 'law office' of course all the local lawyers figured it out right away .... and they had their phone number in the phone book .... if you stood outside and called them you could hear the phone ring inside :-)
This will work for exactly as long as it takes to pass a law forbidding the practise. No longer.
Example 1: France for a long time forbade strong crypto. It was possible to use it to protect information, but the risks of being caught doing so must have often outweighed the benefits of privacy.
Example 2: Australia now requires ISPs to be responsible for Internet content, even though they can not effectively monitor or filter content. No doubt some poor ISP will find themselves prosecuted under this law.
Essentially, we have a political problem here, and the best solution is also political: to prevent such laws being passed, and to repeal existing ones. This is hard to swallow for people who would rather hack on computers than society, but I think it's the only long term way.
Either you are an American with a sense of humour (so rare as to be unlikely) or you live somewhere like Denmark. There are now very few countries left that do not spy on their own. America, UK and Canada started it although Eschelon was designed to spy on others it is more effective at internal intrusion. The UK has now strengthened its powers and France, Australia and others are following.
The Russians are cutting funding of their projects and as the system decays they become one of the better places to be. They may start funding again though that cannot be trusted. Most sensible EU countries (like Denmark) are the best because they actually believe in Human Rights instead of just claiming to like the US, UK, et al.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
Of course the UK, NZ, Oz, Canadian and US governments are all doing the same thing -- they agreed to do so in 1947 when all 5 countries signed the UK-US Security Agreement (UKUSA for short). This formalized the cooperation that took place during WWII at Bletchley Park in the UK where the German Enigma code was broken and the world's first digital, programmable computer was built (Colossus).
They were real h/crackers. And they're still at it in the name of protecting freedom and democracy. You may disagree with that, of course, or disagree that this is necessary, but others are entitled to be concerned. For example, the Northern Ireland Omagh bombers are believed to have been identified by their used of cellphones and the British government's analysis of 15m (yes million) cellphone calls. This will have been traffic analysis, I doubt whether they bothered attempting to record/listen to every call.
Now, where's the balance, that's the question.
Circumventing ISP monitoring in NZ
The requirement that ISPs in New Zealand must provide a means of monitoring traffic for surveillance can be circumvented really easily.
Use a foreign ISP.
The price of international telephone calls has dropped dramatically in the last decade. Using a foreign ISP is now cost-effective, particularly if the only traffic is e-mails. A drug cartel that has $300 million of drugs to import won't care about a $3 international telephone call.
Circumventing decryption keys
To circumvent the requirement that a person sending a suspect e-mail divulge the key on demand is also simple. Separate the sender of the message from the author of the message, and have no direct contact between them. The sender could collect a message left on a floppy disk at a drop-point and send it, and even if questioned they would not have a decryption key to divulge.
Circumventing e-mail
The legisative presumption that a message is always sent via encrypted e-mail can also be used to send a message in an unusual way. For example, sound and image files can be used to send a message, as has been demonstrated in the past here on Slashdot where the DeCSS source code was encoded in this manner and posted to a web site.
By legislating in this manner, governments only make their job of law enforcement more difficult as various criminals find new ways of hiding their communications. What technology can reveal, technology can also hide.
--
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
And what if they use these powers to persecute political enemies, blackmail innocent people, or subvert the processes of the political system? Nah, couldn't ever happen...
"It's overkill, of course. But you can never have too much overkill." - Anonymous Slashdot Coward
England, under the Labour party, is working towards the same thing in GB.
Germany just wrapped up their "Cybercrime" convention, attacking individual "hackers (sic)" as the biggest threat to the Internet and ecommerce.
Clinton holds his emergency summit with Internet companies and wants billions for a "Cybercrime" law enforcement centre in cooperation with the FBI and NSA with broad sweeping powers to prevent Amazon and Ebay from being taken down again - oh, the horror!
And now NZ does this.
Ironically, nearly all of these governments are left-leaning and make claims to be soooo concerned about the rights of the individual citizen, but look who is penalized and whose liberties are at stake here.
The leftist attitude is we are all just cattle to herded and sand to be shoveled and they use their patsies the news media to fan the flames of misinformation and hype.
There is nothing these people hate more than our ability to think for ourselves, move around as we please and question their motives.
Nope, the government are just a big group of people - like any other - and they have no particular right to go through your stuff more than your local bowling club or supermarket.
They're not special, don't take their shit, and I'm going outa' protesting tomorro'.
--Giving to trolls for the benefit of us all
Sorry this post is slightly biased towards NZ'rs, but then so is the story.
First, go here and find out who your local Member of Parliament is. Yes, even if you didn't vote, they still represent you. If you're not sure what electorate you're in, look at one of the maps. (North Island or South Island or Maori Electorates)
Next, go here and find the email address and postal address of your local MP. Write them a polite email or letter stressing why you think that this legislation is bad. Try to summarise the main, interesing points in the first paragraph or two and then break into more detail. Use a spellchecker and if possible get someone to proof-read it. Wait for a couple of hours, re-read it, and if it still looks okay then send it.
Writing a letter is better, but since many IT people haven't written a normal letter in several years, email is better than nothing. Remember, you don't need a stamp when you're sending a leter to someone on Parliament. Just address it to "[Name], c/- Parliament Buildings, Wellington" where [Name] is the name of the MP you're writing to.
If you don't get a response from your local MP within a couple of days, resend it and apologise - suggesting that it might have gotten lost in the mail. If you still don't get a response, phone (04)471-9999 and tell them that their email relaying might not be working. Whatever you do, don't let it rest if nobody answers and don't be impolite.
===
Whenever I get portscanned I hack back and do
a chkconfig --del network, change root passwd
to some shit, and then shutdown -h now the whole
damn thing. If you did that too, the Internet
would be a much nicer, and quieter place!
I am happy the NZ government intends to help me.
What great timing--I'm in the midst of an argument with a friend as to why encryption is important to the average user. The funny thing is, he's a serious warez pirate, yet he doesn't see how anyone would care about what he does...
Anyway, this just goes to show that we should all encrypt everything...
ISPs and telecom companies will have to provide backdoors for government agencies.
I see at least 1 problem with that; ISPs and telecom companies dont make my operating system? How are they supposed to 'provide backdoors' that are not there? Sounds like a bunch of clueless people there in NZ... and even if there were these supposedly backdoors, what would be keeping all the 13337 kiwi script kiddies from using them? I think this is all a bit absurd...
If noise files are illegal then only criminals will have noise files.
Kevin Fox
Kevin Fox
It would make an interesting twist to the torture scenario described in the above link if Rubberhose, at the outset, had a way of specifying that this given data file must contain at least 15% (or 5%, or 50%, whatever) noise, and this number could somehow be encrypted into part of the noise in a keyed fashion that even the user wouldn't have access to. This way the torturers would feel even more uneasy because they'd realize that just because there's still 15% of the data left unaccounted for, that 15% could easily be Rubberhose's allocation.
Interesting stuff. Just another example that when you think of a cool software idea, you should check google and see where you can download it.
Kevin Fox
Kevin Fox
Who's next? As someone else has mentioned, it will be the UKUSA countries (US,UK,Canada,Australia,NZ). And it won't stop with a change of government. These alliances and treaties have been going for 50+ years now, I hardly think a change of govt in one of the member countries will affect a change in the SIGINT treaties. For example here in NZ, this change is coming in under the Labour govt, the least likely to implement it. National are far more likely to keep the alliance running smoothly, as they are the more conservative country when it comes to international politics.
As to the SIS being thugs? Yeah well thats true. But remember that everyone makes mistakes and that we only hear about their mistakes. We often don't hear when they are successful, for that would advertise sources etc that they have. And odds are it won't be the SIS going through the offending computer, but the GCSB. And they will be pretty smart. They trade places with other UKUSA orgs to learn tips and tricks and this includes rotational trips to the NSA. Odds are you won't notice them.
Do we need this legislation? Probably, as long as we have trusted people to supervise the proper use of the granted powers. Currently there is little protection against cracking into computers - I think you'd only get caught on wire fraud - so the law does need to be updated. Pedophiles and terrorists don't deserve the right to hide behind technology. OTOH individuals are entitled to protect their information and communication. We know this arguement, and I'm not going to bring it up here. We do need good oversight and clear reporting and control by elected officals though to ensure proper use of this tool should it be implemented.
Re ISP/Telcos role. Remember that NZ is a fantastic testbed for new technology. We currently have one of the largest VoIP installations in the world completed by Cisco (outside of CSCO itself). With the potential for VoIP, don't you think we would also make a great testbed for signal analysis testing of this new tech? Also, everyone knows that the Internet is an untrusted medium and should be treated as such, you should already assume that your ISP/Telco is logging and analysing your traffic. You'd be foolish not too, which means that the ISP/Telco role potentially changes little. Your traffic is travelling over a commercial service, and they have control. Don't like it? Get off our pipes, they'll say. Oh, and the Southern Cross Cable? Half owned by New Zealand Telecom, and a quarter owned each by Optus Cable and MCI Worldcom, it is going to carry a large amount of data between Australasia and North America. Odds are it will carry much of the South Pacific data. Of course they want to legalise access to this bandwidth.
It comes down to this. Use a firewall. Use special machines to access the net. Dumb them down. Remove the services that aren't required. Companies should completely segregate their trade secrets and critical info anyway, so the excuse of crackers using the proposed systems to perform industrial espionage just doesn't cut it. The corporate secrets shouldn't be on Internet connected machines anyway. This mirrors to individuals also. Keyboard loggers are an easy way to get around encryption, and we've got a product of our own which apparently has been very popular with the US TLA's - KeyGhost.
But most of all, ensure accountability and responsibility of the organisations involved. They better not criminalise the tools though - that would be going way too far.
Cheers
rediguana