2013-08-17

MENU:
Preamble | Q&A Dr Paul Buchanan | Q&A Seeby Woodhouse | Q&A Thomas Beagle

In this special feature, The Daily Blog considers whether New Zealand has over-stretched its diplomatic balancing act straddling a precarious expanse between US security-intel interests and a progressive trade relationship with China. We ask 36th Parallel Assessments‘ security analyst Dr Paul Buchanan; Orcon founder and current CEO of Voyager Internet Seeby Woodhouse; and Tech Liberty’s Thomas Beagle what they think of the GCSB Bill, cyber-security, and whether New Zealand has pushed the US-Intel envelope too far.



Preamble:

Is the Prime Minister justified in his assertions that new spy laws are necessary to curb 21st Century-styled espionage, cyber-crime, and provide cyber-security?


PRC President Xi Jinping and John Key.

ONE MAJOR BUT OVERLOOKED CONSEQUENCE of the Government’s GCSB legislation is what impact it will have on New Zealand’s relationship with our second largest trading partner – the People’s Republic of China.

Through the past six years the New Zealand Government has advanced a rapprochement of sorts with the United States that has pulled us further inside the intelligence-share fraternity of the Five Eyes alliance.

Where once New Zealand was treated like an untrustworthy in-law, kept away from the family’s secrets, now we get to share more than just the ‘shortnin bread’ that falls to the intel-scullery floor.

Since 2007 New Zealand has tilted its axis significantly. Our brand as an independently positioned Pacific island state has oscillated back toward becoming the little finger in the Anglo-Saxon fist.

And since 2008 an ideological tug-of-war began to tear at the heart of New Zealand’s foreign policy. By 2012, even the Wellington-based diplomats of our closest neighbour, Australia, began to ask those of us who write on such things ‘how do you define the Kiwi foreign policy? Is it trade-led or is it swinging toward what the US insists be so – a security-defence-intel-led engagement with the outside Western world?’

The questions were right on the money. In the past two years New Zealand has signed up to NATO security pacts (ahead of Australia) with an emphasis on cyber-security; the Wellington Declaration too pulled us into a closer diplomatic engagement with the US; and the Washington Declaration sucked New Zealand into a United States-led defence and combat commitment.

On the eve of the latter being signed China’s diplomats too were asking whether New Zealand and the US were to take it a step further. Their concern was that a new version of the ANZUS Alliance would be born. The difference between a Declaration and an Alliance is subtle but gravely significant: an Alliance would forward commit New Zealand to all US-led wars and combat while a Declaration offered a thin slither of wiggle-room should a future New Zealand wish to not engage in US-led wars.

As it turned out the declaration was a feather-quill short of an Alliance, but as they say in some diplo circles, that observation is purely academic.

Since 2010, the NZ-US relationship has blossomed. For our part, we snuggled in nice and cosy, smiling contentedly against Uncle Sam’s bosom, as soon as the US superpower unfurled his folded arms to pull us in close. Some of us stirred uneasy, speaking as if in isolation, asking what we had lost along the way. Independence of thought, the strength of the morality of our values-based argument, was traded for a taste of security-defence-intelligence. Our National-led Government ministers seduced us with narrowly crafted sound-bites and spoke of how our security and future prosperity would be enhanced now we had found shelter from the isolation of our south Pacific winter.

Today, we are about to herald the advent of our new New Zealand Spring. In our name, our legislature is about to create these extensive new powers for the Government to complete its electronic intelligence surveillance circuit.

China, it’s fair to say, is feeling jilted. She asks why New Zealand has treated her so dishonourably. China after-all has extended the hand of trade our way permitting access to its peoples where we sold our goods and services, worth billions of US dollars, largely free of tariffs and regulatory barriers nor compliance costs.

Why did New Zealand do this dishonour? Why did it submit to this US Master and position itself to block Chinese ICT hardware giants like Huawei, ZTE, and Lenovo from tendering for New Zealand Government business?

The estrangement has been coming for some time now. But now, at this juncture, instead of diplomacy, the People’s Republic of China appears to be using its most effective weapon against New Zealand: the all powerful threat of trade sanction.

Is this what lies behind China’s aggressive uncompromising stance over the Fonterra contamination scandal?

Last week China warned New Zealand’s trade diplomats that our Government must move to restore confidence in the quality of our export products – not just with investigations and assurances but by fixing the fundamental causes that underlay the corruption and failure of our 100% Pure New Zealand brand.

For New Zealand to comply with China’s demand, it will cost. It will also require a shift in New Zealand Government thinking, a policy adjustment away from blind loyalty to free market access ideology toward a realisation that quality control must be the real backdrop to the nation’s marketing push.

This is serious stuff, but in diplo-circles it is accepted that when a staunch message is delivered by a powerful external power, you not only listen and comply, you decipher what it is really saying.

Last weekend, China’s economic counsellor Zhang Fan (based at the PRC’s Wellington Embassy) said China was seeking improvements in Fonterra operations: “Mistakes should not be repeated again and again. Three times and you are out,” he said.

That comment was significant. It is the most staunch expression of dissatisfaction to have been uttered by a senior Chinese diplomat since 2008 when New Zealand signed up to China’s first Free Trade Agreement with an OECD member state.

*******

Questions and Answers

Questions and Answers – Dr Paul Buchanan:

SELWYN MANNING: What are the key justifications advanced by the National-led Government for the GCSB amendments and the Telecommunications Interceptions legislation and how real, in your view, are those justifications?

DR PAUL BUCHANAN: The key justifications are to clarify the GCSB’s domestic espionage role and to strengthen its cyber security and counter-espionage capabilities. The latter in large part dictate the former. The 2003 Act is unclear as to the circumstances of the GCSB “assistance” in domestic espionage. The threat posed by cyber espionage and hacking by foreign state and non-state actors, as well as domestic infiltrators, has increased exponentially since 2003. The proposed changes to the Act are designed to clarify the circumstances in which the GCSB can directly or indirectly engage in domestic espionage while strengthening the GCSB’s powers to curtail or defend against cyber attacks on behalf of public and private agencies.

SELWYN MANNING: I note, cyber-security is a significant justification given, is this being used as a fear lever to create a compliant mood within the population or should we be concerned with cyber-security threats? If the latter, who or what are the main aggressors here and does the degree of threat justify the extension of powers that this legislation hands to the intelligence agencies? 

DR PAUL BUCHANAN: The threat of cyber espionage and hacking is clear and present. It has forced a reorientation on the part of the signals intelligence community away from radio and satellite intercepts and towards fiber-optic cable and computer soft- and hardware security. The main aggressors are foreign state and non-state actors who seek government as well as corporate and individual private or secret information. There are also groups, like Anonymous New Zealand, that are domestic in nature who attempt to hack into government and private electronic communications for activist or ideological (as opposed to criminal or military/diplomatic/economic/security) purposes.

The range of cyber intrusions is broad: criminal identity theft, scamming and intellectual property theft, phishing, mal and spyware placement, corporate, military and diplomatic espionage probes, activist leaking and whistleblowing—the extent of cyber-intrusions is huge and the GCSB needs to play catch up when it comes to countering them. This is particularly true because operational security in New Zealand, both in public and private agencies, has been a notorious weak link in the Echelon/5Eyes system. The general consensus is that New Zealand cyber security, particularly of government systems but also small and medium sized businesses, universities and interest groups, is a decade or more behind the technologies used to infiltrate New Zealand IT networks. Thus the need to revamp and reorient the GCSB priorities.

As proposed, the proposed amendments to the 2003 GCSB Act and 2004 TICS Act have these concerns at their core, but are over reaching in the scope and extent of the GCSB’s ability to spy domestically because they propose to engage in mass cyber trawling without specific cause and make compulsory before the fact that telecommunications firms provide backdoor access to their source and encryption codes, again without specific cause or threat. They also expand the extent of warrantless domestic espionage.

SELWYN MANNING: Do you believe the legislation is being driven by the interests of the United States of America, by New Zealand’s national security interests, or a mix of both?

DR PAUL BUCHANAN: It is a mixture of both. There are legitimate reasons to tighten cyber security in New Zealand, but the legislation also brings the GCSB and TICS Acts closer in line with relevant US and UK signals intelligence legislation. The problem is that New Zealand’s threat environment is very different than that of the US or UK, so the alignment of legislation is an over-reach in the New Zealand case (for example, New Zealand has much less to fear from an Islamist terrorist attack that the US or UK for a variety of reasons, yet the proposed changes to 2003 Act are justified in part on preventing such attacks on New Zealand soil or against New Zealand interests even though by their own account neither the SIS or GCSB see such threats as likely or imminent). New Zealand’s culture of privacy is also dissimilar to those of the US and UK, which have far more pervasive mass surveillance systems in public places and domestic cultures of violence and criminality that far exceed those of New Zealand.

SELWYN MANNING: What are the consequences of this legislation from an applied or operative viewpoint (for example, are NZ’s intelligence capabilities able to be deployed on a scope permitted within this legislation), and, also, what is the likely impact on New Zealanders, permanent residents and recent immigrants (from a civil liberties point of view)?

DR PAUL BUCHANAN: With the help of its Echelon partners, the GCSB and New Zealand intelligence community will be able to more effectively engage its expanded signals intelligence role and strengthen its cyber espionage and counter-espionage capability. However, the impact on New Zealand residents and citizens will include among other things the sharing of their meta-data within the 5 Eyes network, and the warrantless surveillance of those classified as foreign persons or entities. The latter encompass foreign-based private firms, NGOs, IGOs, political organizations (such as transnational refugee organizations or parties in exile), labor confederations, sports groups as well as diplomatic missions. “Foreign entities” also include New Zealand citizens and residents who work for such organizations, who could be spied upon without a warrant in their work environment or in a work-related capacity (such as using their lap- or desk tops to do work at home).

The terms and conditions for the issuance of warrants remains very vague due to the broad definition of “national security” (to include economic security) and “threat”, and those issuing the warrants would be the PM (as Minister of Intelligence and Security) and the Commissioner for Security Warrants (a retired judge).

The proposed changes to the oversight mechanisms are cosmetic at best and remain after-the-fact as opposed to proactive (e.g., the enlarged Inspector General’s office is not involved in the issuance of warrants but reviews those that have been issued after their authorized operations have been initiated. The IG’s office remains appointed by and dependent for resources on the Prime Minister, who signs off on most national security warrants. The proposed annual public parliamentary select committee reviews on warrants and financial statements are also ex post and do not include review of operational details).

This does not substantially increase the protections of citizens from invasions of privacy, especially because meta-data collection is not addressed in the Bills and hence can be collected and shared without warrant and outside of the legal apparatus governing the GCSB’s operations (as is currently the case).

Meta data is “mined” (collated) using network analysis techniques, so innocent third parties and more (think friend of a friend of a friend’s friend) can get caught up in national security investigations and espionage although they have no involvement in illicit activities of national security threats. Moreover, meta data is stored in the event of future need, which violates the presumption of innocence and right to privacy that are bedrocks of democracy.

SELWYN MANNING: Will there be a likely erosion of support for the incumbent government? If this is likely, what will drive it and will it advance a rapid deterioration of trust for the authorities or a slow descent of popular support.

DR PAUL BUCHANAN: The short-term impact of passing the GCSB and TICS Bills with a one vote majority will likely be a drop in government popularity, but that will be temporary given the public’s short attention span, the evolution of the news cycle onto other stories and traditional public disinterest in security matters. Moreover, the opposition is incapable of capitalizing on the government’s heavy-handed passing of the legislation due to its own internal conflicts.

SELWYN MANNING: Will the legislation likely be repealed? If so why?

DR PAUL BUCHANAN: It is unlikely that the legislation will be repealed prior to late 2015, if ever. There reasons are two fold: First, if the Bills pass there will have to be a review of the GCSB and other New Zealand intelligence agencies in 2015. That will be a long process from which recommendations will follow that may or may not be implemented by the government of the day, and which may or may not invite a repeal of the amended Acts. Since a proposal to repeal will impinge on ongoing operations conducted under the amended legislation, it will be difficult to effect the repeal without undoing the work of those operations.

The security community will be adamantly opposed to any such action and will lobby hard against a repeal. They will likely use claims of thwarted attacks and larger public insulation from intrusive mass surveillance as justifications as to how legitimate and non-obtrusive the revised powers of the GCSB are in practice. Thus, even if the review is concluded by late 2015, a repeal is unlikely even if other recommendations coming out of the review are implemented in 2016 or later.

The second reason why the legislation will not be repealed is that even if Labour leads a coalition to victory in 2014, it has a recent history of using expanded security legislation for its own purposes and has, in fact, been the major instigator of the expansion of state powers of surveillance and control since 9/11.

Unlike the Greens, whose opposition to the Bills is based on principle, Labour’s current opposition is politically opportunistic. Even if the Greens serve as a tail that wags the Labour dog in a future Labour/Green government, issues of domestic priority such employment relations, health, education, housing and welfare reform, natural resource exploitation and the like will take precedence over intelligence and security matters in the minds of all coalition partners.

Thus it is unlikely that the legislation will be repealed even if National is replaced in government, although it is possible that under Green pressure the terms and conditions for issuing domestic espionage warrants and warrantless surveillance involving the GCSB might be tightened and narrowed within the language of the amended Acts.

SELWYN MANNING: Does this legislation set New Zealand apart from other member states within the Five Eyes Network? If so how? Or are the other member states developing similar security, surveillance, intelligence capability? In short what is the pattern here within the F.E Network. Is this a case of the Five Eyes Network catching up with the operative capabilities in the Gulf states and authoritarian regimes or does it advance ahead operationally?

DR PAUL BUCHANAN: The proposed legislation brings the protocols surrounding signals intelligence gathering in New Zealand more in line with those of its larger 5 Eyes partners.

This is specifically the case with its cyber espionage role, which has moved into the domestic arena because the nature of cyber intrusions make it difficult to clearly differentiate between foreign and domestic threats (in the current security environment threats are now seen as being “glocal” or “intermstic,” referring to the grey area of overlap between foreign and domestic threats). Thus the GCSB will devote more time and resources to its cyber security role and less to its traditional foreign signals interception role, although the latter will remain as the mainstay of its duties within the 5 Eyes network.

In making these adjustments the Five Eyes community as a whole, and each of its member states, have taken a page out of the security manuals of non-democratic states. The latter prioritize security over privacy and transparency, so questions of untoward or unwarranted intrusion by the State into the personal and collective lives of citizens largely go unaddressed or unanswered. For liberal democracies such as those in the 5 Eyes network, such questions lie at the core of their respective political cultures, so the move to prioritize security over civil liberties has been more difficult to achieve even with the changed public mindset resultant from 9/11.

SELWYN MANNING: What impact will the New Zealand legislation have on its relationship with the People’s Republic of China? Can New Zealand maintain a progressive trade relationship with the PRC while advancing the strategic security/intelligence/defence apparatus that advantages the USA – or has that relationship reached its zenith?

DR PAUL BUCHANAN: New Zealand is attempting to walk a strategic tightrope in balancing its trade dependency on the PRC with its first-tier security partnership with the US and 5 Eyes. The New Zealand government sees the balancing act as a good way of hedging its bets given future market and geopolitical uncertainties. But even if that is the rationale (as opposed to short-sighted opportunism uninformed by longer-term calculations, as some have claimed), it appears to be based more on wishful thinking than sound strategic logic.

For example, much of the focus of the enhanced GCSB cyber security role is clearly directed at Chinese cyber espionage, which is a mix of corporate and traditional state espionage done via electronic means. Already problems have emerged that impact on New Zealand’s strategic balancing act. The exclusion of Huawei from critical broadband infrastructure tenders in New Zealand follows on its exclusion from Australian, US and Canadian broadband rolls outs and a major review of those contracted in the UK.

That exclusion, announced in 2013, reverses the New Zealand’s government prior stance, announced as late as mid 2012, that it has no issues with Huawei as a possible front for Chinese intelligence and was therefore happy to it bid on all broadband contracts. Although it was phrased diplomatically (market dynamics was given as the reason for Huawei’s non-selection although it is understood that it under-bid all competitors), that change of heart suggests that pressure was brought to bear on the New Zealand government by its intelligence partners to heed their concerns about the possible espionage role played by Chinese telecommunications firms, Huawei in particular.

In response, controversies about New Zealand primary exports to China (meat and milk powder, in particular) have given the Chinese regime an opportunity to attack New Zealand’s safety and reliability record as a trade partner. The harsh language used by official Chinese news outlets suggests that more than concern about product safety lay behind the criticism.

Worse yet, such strong official criticism de facto resets the ground rules for New Zealand trade with the PRC, as the official Chinese line is that New Zealand can no longer be trusted to ensure the agreed-upon quality standards for its exports. Comments in official Chinese government news outlets about New Zealand’s false claims about its (less than) pure brand image and its market zealotry are clearly intended to question its reliability as an international actor. Implicit in the questioning of trust is the broader question of New Zealand-PRC relations.

DR PAUL BUCHANAN: The broader picture does not help. China has become a major presence in the West and Southwestern Pacific in the last fifteen years, which has in turn prompted the US decision to engage a strategic “pivot” towards the Asian Pacific Rim that involves the priority redeployment of military and intelligence assets to that region. New Zealand’s balancing act could well be destabilized as a result of the growing possibility of a super power standoff in the region.

In particular, it may have to eventually choose to fully align with one side over the other, particularly if the strategic competition between the US and PRC heats up into open military competition in the Asia Pacific theater. The diplomatic repercussions of such a move will be quite severe, as the PRC has become a major economic partner of many South Pacific countries and therefore has considerable diplomatic sway over them at a time when traditional sources of patronage and influence such as Australia, New Zealand and the US are on the wane.

Thus whichever way New Zealand chooses to align itself in such an eventuality, it will pay a heavy diplomatic and/or economic price for doing so.

*******

Questions and Answers – Seeby Woodhouse:

SELWYN MANNING: What do you see as the key justifications given by the National-led Government for the legislation and how real, in your view, are those justifications?

SEEBY WOODHOUSE: The justification that the NZ Govt is giving to introduce the GCSB Amendment is that we are under the imminent threat of Terrorism. The Prime Minister even recently made the claim that Al Qaeda terrorists are being trained in NZ, however no proof to substantiate this claim was provided.

It seems highly unlikely to me that Al Qaeda would be interested in a NZ base, and “terrorism” is often used as a scare tactic and justification to sweep away civil liberties, which I find abhorrent. Just look at the erosion of rights that has occurred in the USA since 9/11, with the legalisation of torture, and “Pre-emptive first strike” capabilities, and dilution of their constitution. 

New Zealand has only ever had one terrorist attack (The bombing of the Rainbow Warrior), and I think that the risk of terrorism to the average New Zealander is as close to zero as you can get, and therefore the legislation is clearly un-necessary, and certainly not urgent.  

The NZ public deserves to know all the facts before a decision is made, and not have the Government simply rush legislation through parliament that would grant the USA and allies unlimited spy powers over our population. I see the justifications being given for the GCSB Bill by the Government as false, and believe the legislation is simply being enacted to pander to the USA.

New Zealand is part of the “Five Eyes” spy network comprised of the USA, Canada, the UK, Australia and NZ, and we are no doubt being asked by our allies to “do our part” to snoop on the world. But should a government simply do what other countries tell us to? I believe that our government is responsible to the people, and the people of New Zealand do NOT want to be spied on.

SELWYN MANNING: I note that cyber security is a key justification put forward by the Government. In your experience have (or are) New Zealand internet users and businesses vulnerable to cyber security crime or infiltration to a degree that would warrant this legislative change?

SEEBY WOODHOUSE: I do not believe that the legislation being proposed is going to have any effect in reducing Cyber crime, because unlike the usual population, Cyber criminals know how to hide their IP addresses and fake their identities. The legislation being proposed is going to help the govt snoop on ordinary people’s web browsing, txt messages and phone calls, but these activities generally have almost no involvement in cyber crime, and are not done by hackers in the process of hacking. 

Cyber crime is about finding back doors, attacking servers, and then conducting exploits and Phishing scams from behind an army of anonymous servers and bot-nets. Cyber criminals make their money by tricking people through spam emails and breaking into computers, and they are already caught from the records that ISPs and the Police (with appropriate warrants) can re-construct from IP addresses and the evidence left behind on compromised machines. We do not need additional legislation to catch cyber criminals and Pedophiles, we are doing it successfully already.

SELWYN MANNING: Following on from the above question, have ISPs in New Zealand provided consumers (both personal, professional and business clients) adequate and satisfactory security to minimise the risk of a cyber-attack or infiltration? Indeed, is it the role of ISPs to provide such safeguards?

SEEBY WOODHOUSE: I do not believe it is the role of ISP’s to provide such safeguards as a default. ISP’s should provide fast and seamless access to a completely neutral Internet. Any judgement by an ISP on whether traffic is “good” or “bad” becomes a form of censorship, and I do not believe that is the role of ISP, nor do I believe that ISPs should be compelled by legislation to provide such services. However, if consumers want additional security or security products, then clearly some ISPs may offer those services and that will give them a competitive edge if that is what consumers want. But ISPs should not block certain kinds of content unless requested to by their customers. The reason that the Internet has been so successful is that it has been completely free of outside control or influence, and it should stay that way in order for innovation to flourish. 

SELWYN MANNING: In New Zealand, there has been a lot of reportage around whether Huawei hardware pose a security risk to New Zealand. While the NZ Government has not sought to ban Huawei products from being sold in New Zealand the new legislation would empower the security intelligence agencies, the GCSB, to test and approve or ban all hardware that it deems non-compliant to its yet to be stated standards. Do you feel this is justified or do you suspect it is a way for other state members of the Five Eyes network to block or ban such hardware?

SEEBY WOODHOUSE: It believe that it would be relatively easy for any talented computer hacker to reverse engineer a piece of Huawei equipment, analyse the information coming out of the box, and determine if there are any spying capabilities in the hardware.  

Because no-one has found any such capabilities my belief is that Huawei equipment does not pose any risk to the security of NZ or the USA. Vodafone and 2Degrees (2 out of the 3 largest Telco’s in NZ), already use Huawei equipment all through their networks so it is a moot point anyway.

I believe it is much more likely that the Five Eyes network is much more keen on equipment from USA vendors being installed all around the world, because then at least they can have some control over how interception and spying is done, and if there are back doors in Telecommunications equipment, then they will control them and not China. However, most of the “spying” that is already done by the USA and others does not occur in the routing equipment that Huawei makes, but by simply splitting off or intercepting data in the main fibre networks and then sucking up all the information flowing out of it, or having back doors installed in Facebook and Google servers to allow the Govt access free reign in the “back end” of Cloud systems.

SELWYN MANNING: In short, is this more about the USA’s NSA ensuring it has a way of blocking hardware, hardware that it does not have port access to?

SEEBY WOODHOUSE: I would say that this is likely, and given the fact that we now have proof of wide-scale spying by the USA, but no proof that China has been doing the same, it seems hypocritical to have such an issue with Chinese equipment.

SELWYN MANNING: What do you make of the claims that if New Zealanders have nothing to hide then they have nothing to fear?

SEEBY WOODHOUSE: I have heard that Josef Goebbels from the Nazi party said exactly the same quote circa 1939. Clearly the Jews who thought they had nothing to hide, ended up being wrong. We have only known about PRISM for a month or two, and yet there is already evidence coming out of the USA that the NSA is abusing this data, and has been passing people’s private browsing history to other government departments – and lying about it.

So citizens are being arrested on minor Marijuana charges or copyright infringements, and then being told that the reason they were stopped by the Police (for example) is simply a co-incidence. This is an epic violation of the US constitution and civil liberties, and it goes to show that power is very easily corrupted.

In New Zealand, our own Prime Minister was so upset that his public conversation was recorded (in a public forum, in a public place, knowing he was surrounded by reporters) that he requested an investigation, and that investigation department (without even being asked) had a journalists phone records with his lawyer analysed to see whether the journalist was lying.

This is a monumental beach of the Journalist’s right to client confidentiality with his attorney, and a clear abuse of the PM’s power. When this kind of concerning behaviour is occurring so quickly, it is a clear warning sign that down the track we may have situations occurring where say for example an Insurance company refuses to pay out for your heart transplant because they discovered that you researched your condition on the web a month or so before you told them you had the condition.

Do we want to live in a society where anyone can pull up your entire life on their screen and interrogate you about anything you’ve ever done and your motivation for doing it? I don’t think that’s what we want. How many people would have Googled “Pressure Cooker bomb” out of morbid curiosity after the Boston bombings? Probably hundreds of thousands of people. Are many of these people terrorists? Probably just about none. So do we want to be using “evidence” like this against regular citizens in the future? Do we want to start arresting people for having a “thought crime”? I think that this is a good way to start a dystopian horror society of epically evil proportions. Have you ever had a bad thought about a friend, and then was glad that you didn’t say anything to them, so they didn’t know you had the thought and your friendship was preserved?

The Internet is becoming an extension of our brains, our personalities, a record of our thoughts and our private selves, and every single person alive should be concerned about governments around the world starting to reach into your head and being able question your private thoughts, to construct a “rating” of you as a person just based on your Google history. “Any society that would give up a little liberty to gain a little security will deserve neither and lose both.” – Benjamin Franklin.

SELWYN MANNING: From a business point of view, do you feel the legislation will affect the relationships it has with the United States, and that of the People’s Republic of China? If so how, and if not why not?

SEEBY WOODHOUSE: New Zealand has previously stood up to the USA about Nuclear Warships (we disallowed them into our waters), and I don’t believe that detrimentally affected our relationship with the USA. Ultimately I believe we got respect for the fact that as a sovereign nation we stood up for what we believed, and against what the USA wanted.

I believe that New Zealand should make it’s own decision about PRISM style spying on the population, and that we should reject it wholeheartedly. I believe that if we don’t reject PRISM then it could adversely affect NZ’s relationship with China, as we have a free trade agreement with them, and we may be pressured by the USA to not purchase Huawei equipment (for example), or be seen more by China as a puppet of the USA, and therefore not as valuable a trading partner.

*******

Questions and Answers – Thomas Beagle:

SELWYN MANNING: I note that cyber security is a key justification put forward by the Government. In your experience have (or are) New Zealand internet users and businesses vulnerable to cyber security crime or infiltration to a degree that would warrant this legislative change?

THOMAS BEAGLE: It’s very hard to tell just how much harm is being done through cyber crime or spying. Most claims tend to come from computer based companies selling security products and obviously they have an interest in coming up with the largest numbers possible in order to get a good headline. Obviously there is some, but we’d say it’s equally as obvious that it’s not a huge problem.

It is our belief that the NZ Police is the right body to investigate crime in New Zealand. We also see a role in the government providing some form of coordination between ISPs, telcos, security companies and the like, again probably being run by the Police as part of their efforts to prevent crime.

We don’t see a need for the GCSB, a spy agency, to be given a new role investigating cybercrime. In particular we don’t see this as justifying giving the GCSB the powers to monitor New Zealand communications in order to detect crime, nor do we think that they should have oversight and control of the implementation and operation of New Zealand’s communication networks. Therefore we don’t think that this legislation is warranted.

SELWYN MANNING: Following on from the above question, have ISPs in New Zealand provided consumers (both personal, professional and business clients) adequate and satisfactory security to minimise the risk of a cyber-attack or infiltration? Indeed, is it the role of ISPs to provide such safeguards?

THOMAS BEAGLE: We see the main role of ISPs is to offer data transport, with security services being an optional add-on. ISPs can definitely help, but because of their place in the network it is impossible for them to provide comprehensive security measures and therefore it is always go to be at least partly the responsibility of end-users to secure themselves. 

SELWYN MANNING: For this article a security analyst has stated that: “The threat of cyber espionage and hacking is clear and present… The main aggressors are foreign state and non-state actors who seek government as well as corporate and individual private or secret information. There are also groups, like Anonymous New Zealand, that are domestic in nature who attempt to hack into government and private electronic communications for activist or ideological (as opposed to criminal or military/diplomatic/economic/security) purposes.”

If the cyber-threat is real, as stated above, and if so should the New Zealand Government advance legislation that positions the authorities to be able to confront the threat? If, on the other hand the threat is overstated why has that exaggeration occurred?

THOMAS BEAGLE: I think you’d have to start by asking “What are the problems we’re seeing that current law doesn’t provide for, and will this proposed new law fix those problems?” 

There has been very little evidence given to justify the need for these sweeping new powers. Indeed, many of the relevant sections of the advice to Cabinet has been redacted so that the public can’t see it. We don’t find the government’s claims particularly credible and feel they need to do a much better job of establishing the need for any law changes.

SELWYN MANNING: With the reality of US global surveillance systems such as PRISM being in evidence, how should a New Zealand Government (that was hypothetically concerned about civil liberties being eroded) protect New Zealanders from the threat of evasive spying and dragnet operations?

THOMAS BEAGLE: This is one of the worrying questions about putting the GCSB in charge of cyber-security. The GCSB is a cold war construct and was basically setup to spy on the South Pacific and hand the information over to the UK and USA. Can we be sure whose side they’ll be on when it comes to protecting New Zealand communications from US spying?

The only real answer at the moment is twofold, the government should: 1) encourage New Zealanders to host as much of their services on servers in New Zealand as possible, b) not implement their own invasive spying and dragnet operations.

Of course, this won’t help people using Facebook, Gmail, Google, Apple services, etc.

SELWYN MANNING: ACT, MP Peter Dunne, and New Zealand First have proposed amendments to the GCSB legislation. Do you think the debate is causing the initially proposed legislation to be reigned in, formed into a more satisfactory bill?

THOMAS BEAGLE: The Select Committee process (or in this case the Intelligence and Security Committee) is good at making minor improvements to bills, but it typically falls down when the legislation is deeply flawed.

There have been a few useful clarifications made by the committee and Peter Dunne. There are some improvements to the reporting and oversight provisions – but that doesn’t fix the overall oversight model which still depends on the PM’s appointee providing oversight of the PM’s department.

More importantly, there has been no fixing or clarification of some of the big issues of the day concerning metadata and mass surveillance. The Prime Minister can make as many statements as he likes about whether metadata will be treated as communications or not, we want to see it written into the bill.

SELWYN MANNING: It appears the Legislation will pass through the Parliament to become an Act. Do you see a political will among the opposition parties to repeal this Act should they become government after the 2014 General Election? If so, what to you envisage would be a likely form of a reformed GCSB act?

THOMAS BEAGLE: The Greens have a strong commitment to overhauling NZ’s intelligence agencies, which isn’t that surprising when you find out that a number of them have been legally or illegally spied on by those same agencies. Labour has also firmed up its commitment to having an inquiry into the agencies. We’re optimistic that an inquiry will happen if there’s a change in government, but do have some concerns about what the terms of reference might be.

We’re hoping for more than just a reformed GCSB Act, and would rather a total review of the purpose of our intelligence agencies. Personally I’d like us to stop spying on our neighbours and friendly countries in the South Pacific on behalf of the USA and other countries.

SELWYN MANNING: What do you see as the most invasive piece of legislation, the GCSB amendment bill or the Telecommunications Interception… Bill? And if you could also explain your rationale as to why.

THOMAS BEAGLE: The two bills work in together but the GCSB Bill has to count as more invasive than the TICS Bill, as it’s the GCSB Bill that gives them the ability to spy on New Zealanders in the name of “cybersecurity”. We’re very concerned that there’s nothing in the bill that stops them from applying for an access authorisation or two and implementing US/UK-style mass surveillance.

The TICS Bill is more of an enabling bill – the first part is just a set of changes and extensions to the existing TICA (2004) law. We do have concerns with this but they tend to be more technical than civil liberty oriented. The other section concerning GCSB control of NZ’s networks is again just enabling the new purpose given to the GCSB in the GCSB Bill.

SELWYN MANNING: The GCSB Amendment has obviously received much attention in publicity while the TIC bill has escaped the notice of many. Should New Zealanders be as concerned about the TIC legislation? If so, why?

THOMAS BEAGLE: We think New Zealanders should be concerned about the TICS Bill. It will slow the development of network services while increasing the cost due to the added bureaucratic overhead. Obviously it will also strengthen the GCSB, but on balance it’s definitely the GCSB Bill that’s more of a problem.

SELWYN MANNING: From an internet user’s point of view, how obvious will the application of the new legislation by the intelligence agencies be to the public as they go about their legitimate business or usage on the internet?

THOMAS BEAGLE: It depends on what the GCSB chooses to do with it. If they insist on using the powers in the two Bills to compel overseas service providers, we might find many companies such as Microsoft, Google and Apple start withdrawing certain services from the NZ market. The TICS Bill would make demands on US companies that are incompatible with New Zealand law – and it seems pretty clear which market they’ll choose if forced! 

NZ uses will definitely notice if iMessage, Gmail and Skype are no longer available in the NZ market.

SELWYN MANNING: What can New Zealanders do to minimise the risk of their own Government spying on them? Should they begin to use programmes such as Tor to mask their IPs etc in an attempt to restore a privacy that they once had?

THOMAS BEAGLE: Using more encryption is definitely one solution, as is using privacy enhancing services such as Tor, VPNs and secure chat. Ultimately it’s going to come down to making decisions about which companies and countries you don’t mind seeing your data. We expect some countries to start offering better protection and eventually users will start choosing services based in those countries.

SELWYN MANNING: And once this legislation is passed into law, how different will New Zealand be compared to the US, Canada, Australia, Britain on a civil liberty/privacy invasive scale?

THOMAS BEAGLE: We seem to be playing leapfrog at the moment. The GCSB/TICS Bills will give the GCSB some powers that the NSA or GCHQ will be envious of, while possibly not catching up as much in other ways. It’s hard to compare them directly because we still don’t understand the full extent of the legal and illegal surveillance being carried out in all of the countries.

SELWYN MANNING: In New Zealand, there has been a lot of reportage around whether Huawei hardware poses a security risk to New Zealand. While the NZ Government has not sought to ban Huawei products from being sold in New Zealand the new legislation would empower the security intelligence agencies, the GCSB, to test and approve or ban all hardware that it deems non-compliant to its yet to be stated standards. Do you feel this is justified or do you suspect it is a way for other state members of the Five Eyes network to block or ban such hardware?

THOMAS BEAGLE: With so many people looking at Huawei hardware we find it interesting that no one has actually demonstrated any backdoors yet. We can’t help thinking that a lot of this fuss is more about trade protectionism.

The people and companies who run our networks have a strong interest in maintaining the security of them. If anyone can demonstrate known flaws or vulnerabilities, they won’t need to be compelled to replace it.

SELWYN MANNING: In short, is this more about the USA’s NSA ensuring it has a way of blocking hardware, hardware that it does not have port access to?

THOMAS BEAGLE: As above, we suspect it’s more about trade protectionism than anything else.

<img src="http://thedailyblog.co.nz/wp-content/uploads/2

Show more