Surveillance

So basically you're proposing with your current proposal is that government should not take any action in certain circumstances? And that is all?

Yup, I could totally agree with that!

@strypey Don't get me wrong here, where you say "What I object to is that constant mass surveillance is becoming normalized." I 100% agree with you.

I agree with what you are saying here, in crimes where physical evidence abounds, such as: robberies; murders; arson; car crash etc... then traditional policing methods should be enough.

However there are plenty of crimes where physical evidence is minimal, these are generally what are classed as "white collar crimes", these types of crimes are where I see that surveillance; properly administered and under strict guidelines; can make a massive difference.

@adambullen
"surveillance; properly administered and under strict guidelines"

Let's say I accept this for the sake of argument. Can you describe what sort of strict guidelines would be adequate to protects our rights and freedoms? This is the sort of detail we need in a proper policy statement.

@strypey
I don't have a clear picture of what would be required.

I have some basic concepts, such as:
1/ part of an active criminal investigation;
2/ a "surveillance warrant" issues by a judge (I'm not sure if this would be a blanket for the entire investigation (unlikely), suspect, or for each individual instance of surveillance);
3/ strict guidelines for how long the data can be kept for.
4/ an information audit, as a requirement of any warrant issues to ensure the data is destroyed as appropriate.
5/ harsh penalties if it is found that data wasn't destroyed, as the officers involved would be effectively breaking the law.

There are probably many more requirements, but I can't think of them right now. But if this were to be a serious discussion that would be moved to a policy vote. I would like to "sit down" and flesh out exactly what restrictions and limitations would be in place.

Overall I think the police and the judiciary do a good job in very difficult circumstances. However don't read in to that as "always", mistakes are made all to often. I also think the police have interpret the law in some situations where they should only have to enforce the law.

But it needs to be codified in law that any surveillance of ordinary citizens not part of an active criminal investigation is illegal and punishable by some harsh penalties.

One other thing I would like to mention.

I find it deplorable that governments around the world have a nice little system where they spy on each others citizens and give the information to each other just so they can say "we don't spy on our own citizens"

Having someone else do your dirty work should be seen as doing it yourself.

@adambullen

if this were to be a serious discussion that would be moved to a policy vote. I would like to “sit down” and flesh out exactly what restrictions and limitations would be in place.

It is. That’s what we’re here for.

I also think the police have interpret the law in some situations where they should only have to enforce the law.

In practice, you can’t do one without the other.

When it is moved to a policy vote we should take a lead from the European Union which is rolling back repressive legislation in this area both in the European Parliament and the European Court.

Meta data must be protected from mass surveillance as we all have something to hide:
http://webpolicy.org/2014/03/12/metaphone-the-sensitivity-of-telephone-metadata/

I've been invited to speak at a "Stop the Spies" event here in Ōtepoti next Tuesday. I intend to focus on the chilling effects of widespread surveillance on public interest activism/ active citizenship, democratic participation, independent journalism ie areas I have experience with. However, I will get them to identify me on the promotional material as a spokesperson for the NZPP (unless there are any objections?), so I've been reviewing where we got to with this discussion.

Any further points members would like me to raise? Do we currently have a formalized policy on Surveillance?

There have been hacks of 'security' companies like Gamma and Hacking Team in Europe and there have been some hacks in the US as well, where the internal communication of those businesses where leaked. What we learn from that is that there is a huge black market for zero-day-exploits. massively heated up by western governments paying huge amounts for those or software relying on them. The effect is that law enforcement agencies have an interest that those exploits are not published and fixed. This is dangerous, if not to say perverse.

I came to the conclusion that it is imperative that governments shall not be allowed to buy zero-day-exploits to facilitate their surveillance or buy 'forensic' software that relies on those. Instead governments must be required to immediately work with the software companies that are responsible for security leaks in their software, aiming to fix those security issues ASAP before they become public and can be exploited.

Governments should be allowed to run transparent bounty schemes to acquire knowledge of security issues and fund honest security experts, but never for the purpose of exploiting them themselves!

If it is a public meeting then avoid being too technical. One point that I have not seen raised anywhere yet is the danger to New Zealand's IT industry. As more backdoors in software is being found and the calls for restrictions on encryption are being made by spy agencies there is a danger that software from Five Eyes countries will no longer be trusted. That would be catastrophic for our IT industry

@andrewreitemeyer:
"avoid being too technical"

I was thinking about getting about 50 free postcards, and 50 envelopes, and putting them under each seat. Then I could invite people to write something on the postcard - "you just wrote a normal email". Then I could invite them to put the postcard in the envelope - "you just encrypted your email, but quite weakly. It's not hard to steam open the envelope. However, if your friend posted you a padlock to which only they have a key, and you locked your envelope in a metal box and locked it with the padlock, that would be much stronger encryption". Then I can get them to address the envelope - "now even though your mail is encrypted, there is a destination address, maybe a 'from' address, and a postmark showing where and when it was posted. That's meta-data." Basically using an everyday, familiar technology to explain by analogy.

I like the sound of that. That will be remembered.