An admirable feature of the national security bureaucracy is its persistence. If you don’t get it right (or what you think is right) try, try, try again.
On Tuesday, the New Zealand Parliament passed the Telecommunications (Interception Capability and Security) Bill, which updates the Telecommunications (Interception Capability) Act 2004. That Halloween reward for the intelligence community authorises surveillance of that nation’s phone and internet traffic.
The new law follows revelations that security agencies across the world are spying on other governments, on individuals and businesses and have been since the beginning of cross border telecommunications.
After condemning the sort of US surveillance activity highlighted by whistleblower Edward Snowden (now at home in Putin’s freedom-loving Russia) the government of Brazil has, for example, ‘fessed up that it’s been spying on the US. Most of that surveillance is quite legal, because it’s been authorised by legislatures.
The NZ law also follows several inquiries into telecommunications surveillance, triggered by action against the flamboyant Kim Dotcom who’s facing prosecution for copyright infringement.
The inquiries revealed that there had been misbehaviour regarding surveillance. The solution? Amend the legislation.
It’s a traditional response: action is lawful (although not necessarily ethical) if authorised by law. The new legislation does not give government personnel a blank cheque. It does, however, give them the equivalent of a credit card with a very large limit. It differs from early proposals that would have provided a better balance of privacy protection and legitimate gathering of information.
Across the ditch (and the world)
There is similar legislation in Australia and all the advanced economies. It is consistent with exemptions in Australia’s national Privacy Act and the state/territory privacy legislation, and with requirements under the Council of Europe Cybercrime Convention that’s shaping surveillance law across the globe.
In essence the law allows the NZ Government Communications Security Bureau (GCSB) – counterpart of the Australian Signals Directorate (ASD) and Britain’s Government Communications Headquarters (GCHQ) – to access customers’ emails, texts and phone calls.
GCSB, along with the ASD and its peers, share information. We of course don’t know what information, when and how. We in Australia trust in bodies such as the Inspector General of Intelligence and Security – which reported last week – to identify any collection and sharing that’s outside the law.
Details of the Inspector General’s operation are, of course, secret.
NZ prime minister John Key last week said:
what I can tell you is that whatever we do is lawful.
Only a cynic would respond “he would say that, wouldn’t he?” and that perhaps the law is so wide as to authorise what shouldn’t be done.
quite frankly, there’d be nothing that anyone could hear in our private conversations that we wouldn’t be prepared to share publicly.
Minister Coleman clearly hasn’t looked at the way NZ Freedom of Information law is operating, given that much official information in both NZ and Australia isn’t available.
It is about to sign up to the TransPacific Partnership Agreement, which will probably fundamentally affect Australian business and health. We know almost nothing about that agreement, given that the negotiations are secret.
The new NZ law is another step, rather than an ending. It’s likely to be amended to require internet server providers (ISPs) and phone companies to retain metadata for several years for access on request by police, local councils and other bodies.
Australia’s Attorney-General’s Department is apparently – sorry, secrecy keeps getting in the way, so it’s “apparently” – keen on retention of the content of many communications rather than just the metadata.
Welcome to the world of big data, pervasive surveillance and secrecy about policy development.
Rather than concentrating on the NZ law, we need to think about what our governments tell us about the making of privacy law, surveillance and secrecy. We need to be able to engage with the making of that policy. If we don’t, we’ll all get something really scary at Halloween.