Our submission on the NZ Intelligence and Security Bill

Ben CreetA blog post from Ben Creet, Issues Manager at InternetNZ
11 November 2016

Last Thursday Andrew Cushen and I made an oral submission on the New Zealand Intelligence and Security Bill (the Bill) to Parliament's Foreign Affairs, Defence and Trade Committee.

We asked to present in person to make a small number of important points to the Select Committee. We decided to submit on the Bill because we know that New Zealanders are concerned about government (and business) surveillance. Our recently released research shows that 67% of New Zealanders are concerned about threats to their online privacy. If we’re going to have a better world through a better Internet people need to be confident that they can use it without being surveilled.

This concern about New Zealander’s fear of surveillance underpins our submission. That’s why we spoke to the Select Committee on:

  • fixing the definition of private communication
  • prohibiting mass surveillance
  • moving, and fixing the definition of national security.

Private communication

We submitted that the Bill’s definition of “private communication” is circular and self-defeating, and we recommended the definition not continue. The weird thing is that, legally, more work put into protecting your communications from interception doesn’t actually give it more legal protection. It’s very easy to read encrypted communication as not covered by the definition of private communication. That doesn't seem right to us.

Some submitters suggested an alternative definition; however, we think it is too risky to introduce a new definition at this late stage. If the Government want a robust definition, they should have put one in the Bill. Our submission proposes that the least risky option is to simply remove the definition and instead require a warrant for the interception of all communications. This solution aligns with the Independent Reviewers solution to the ambiguous definition of private communication.

In short, the definition is deeply flawed. We think the best way that that can be resolved in the context of this Bill is to instead focus on requiring warrants for the interception of Internet-based communications.

Prohibiting mass surveillance

We submitted that Parliament and the Government should move to prohibit mass surveillance. We accept the Government’s statement that it does not perform mass surveillance. That position is supported by the Independent Reviewers, the Inspector-General, and by Rebecca Kitteridge’s investigation of the GCSB back in 2013.

Our position is that mass surveillance is bad, it is not proportionate, not reasonable and it could stop New Zealanders expressing their views and thoughts online. New Zealand should avoid becoming a surveillance society. Therefore, given mass surveillance is not current policy, we think the Bill should prevent any future Government from instituting mass surveillance. We suggested this could be implemented through a few avenues:

  • an explicit prohibition of mass surveillance in the Bill (just like the prohibition on spying on political protestors)
  • sorting out our private communication concerns (see above)
  • tighter constraints on the reuse of unauthorised and incidentally-obtained intelligence.

Sadly, we then got into that old discussion of whether mass surveillance is technically possible or within the capability of the agencies. To be honest, I’m not that interested in discussions about using capacity and technical capability as a constraint on policy - it’s a distraction. Tech moves fast, processing power effectively doubles every 18 months (Moore’s Law) and organisations can always get more money.

    For us this is an issue of principle. If mass surveillance risks chilling participation online (which we think it does), and if the government shouldn’t be allowed to do it (which we think it shouldn’t), then a prohibition in law is the best way to achieve this.

    Defining national security

    We’re on record as not liking the Bill’s definition of national security - it’s too broad. The definition comes directly from the Independent Reviewer’s report (you can read our briefing on that reporthere). The definition takes a very wide, overly holistic approach to national security.

    The thing we tried to impress on the Select Committee is that they don’t need to provide an all-encompassing definition of national security that will guide strategy, policy, intelligence activity abroad or even how and what the National Assessments Bureau do. The only reason the Bill needs a definition of national security is because the Government has decided that the NZSIS and GCSB can spy on New Zealanders for national security matters. This means New Zealand needs a definition of national security so that warrants are only authorised in the right situations.

    We spoke to the Committee about the definition and made two recommendations:

    • replace it with the shorter definition we have proposed in our written submission (see page 7 of our submission)
    • the definition should be moved to Part 4 of the Bill, so that it only applies to warrants.

    Moving the definition means that the broader concerns from officials about the impacts of how the Bill’s definition could interact with other laws and concepts of national security can be avoided. Instead, all that matters is a definition that sets out the circumstances where New Zealand would definitely want the agencies to be undertaking intelligence operations on New Zealanders. That’s what we think our proposed definition of national security does.

    To cut the story above a bit shorter: We think that fixing these issues in the New Zealand Intelligence and Security Bill is really important to keeping our Internet open, and to maintain confidence in it. That's why we went to Parliament last week, and why we are keeping an eye on this from here on too.

    Would you like to know more?