Loomio

Surveillance

DS Danyl Strype Public Seen by 178

The existing policy statement related to surveillance can be read here:
http://pirateparty.org.nz/wiki/Core_Policy#Government_and_Related_Civil_Liberty

Relevant references for surveillance policy:

10 Jul 2013 - International Principles on the Application of Human Rights to Communications Surveillance:
https://necessaryandproportionate.org/text

LEAP group: 7 Hard Problems in Secure Communication
https://leap.se/en/2013/the-big-seven

CM

Craig Magee Wed 12 Feb 2014 2:38AM

Strip out the terrorism part. What’s left is a good start that can be extended and compliment with local issues.

We believe that an individual right to privacy remains important, in spite of claims of the need for surveillance for the greater good, and we are not convinced that overriding the right to privacy best serves the greater good.

We suggest that the Government should refrain from using new technology for surveillance until the issue has been subject to democratic consideration, and, in the absence of a constitution limiting the powers of Government, that a referendum or 75% majority in Parliament be required to extend Government surveillance powers under law. Legislation alone, however, does not address the inherent insecurity of many modern forms of communication which has made the erosion of privacy possible, and accordingly we also suggest the encouragement of privacy measures such as encryption.

AB

Adam Bullen Thu 13 Feb 2014 10:10AM

I have no problem with surveillance, where appropriate.

Such as part of an active criminal investigation. Or where there is evidence to look at someone / a group.

If it turns out that the evidence collected clears that person or group, that evidence must de destroyed at the end of the investigation.

DS

Danyl Strype Wed 2 Apr 2014 12:48AM

I hear what you're saying @adambullen but I think you are still falling into the fallacy that surveillance is a normal way to carry out criminal investigations. In most cases, this is not necessary.

Since any form of surveillance goes against our human right to be free from unreasonable search and seizure, the onus should be on those wishing to carry out surveillance to prove it is necessary and justified, and that there's no other way to stop a person or group harming others. The usual way to do this is by getting a warrant from a judge for each act of surveillance, but I don't think this is sufficient protection when police and judges are often equally 'deep in the forest' of law enforcement paranoia and groupthink that Ross Meurant talks about in the Operation 8 doco.

Most importantly, people's behaviour, including online behaviour, should not be constrained or redesigned in order to make surveillance easier. That includes forcing software developers and server hosts to include backdoors in their systems. Pirates need to actively support projects to increase people's ability to communicate privately if they choose to, for example:
https://leap.se/en/2013/the-big-seven

AB

Adam Bullen Thu 3 Apr 2014 1:27AM

@strypey I completely agree with what you say about forcing developers to make surveillance easier. It should be criminal to for the government to ask, let alone forcing it.

However assuming that judges are all corrupt and will give out surveillance warrants like candy is short sighted.

Disallowing surveillance of criminals via legal means will just force the practice underground**. Having legal means to surveil criminals and suspected criminals with clear limits to the powers granted to the police and related agencies, I think is critical to for the power of the police to uphold the law.

As for the groupthink comment, I am massively critical of the police and government when it comes to over stepping the bounds of their powers, which I think they do all to often. But that is another issue.

And as I said in my previous comment, surveillance needs to part of an "active" criminal investigation. I am not sure how you expect to carry out criminal investigations without the ability to look at what people are doing?

Disposal of the collected data needs to be written into law, if it is found that the data collected is not relevant to the case.

**See the recent revelations about authorities in the US getting tow truck drivers to mount licence plate recognition devices to their trucks, so that they could deny collecting them.
http://betaboston.com/news/2014/03/05/a-vast-hidden-surveillance-network-runs-across-america-powered-by-the-repo-industry/
http://tech.slashdot.org/story/14/03/05/1853254/vast-surveillance-network-powered-by-repo-men

DS

Danyl Strype Thu 3 Apr 2014 10:56AM

@adambullen

surveillance needs to part of an “active” criminal investigation. I am not sure how you expect to carry out criminal investigations without the ability to look at what people are doing?

A criminal investigation usually involves things like:
* interviewing victims, witnesses, and suspects,
* putting together a timeline of events and people’s movements
* following up clues such as identifying the owners of vehicles at the scene of the crime in case they witnessed anything
* examining documentary evidence such as photographs on the camera of a victim
* reading reports on forensic evidence collected from the crime scene (eg fingerprints)
* executing search warrants on premises where there is a good reason to believe physical evidence of the crime may be found

None of these things are surveillance, unless you are stretching the word well beyond common usage. Back in the day, surveillance methods were a last resort, used only if the information and evidence collected through normal detective methods convinced the Police that they knew who committed a crime, but weren’t sure they could prove it beyond reasonable doubt.

What I object to is that constant mass surveillance is becoming normalized. Either judicial oversight is being removed to make the system more “efficient”, or it’s simply failing to keep overzealous police from deciding they want to persecute someone, and fishing through a multitude of surveillance material to find a way to do so.

Disallowing surveillance of criminals via legal means will just force the practice underground**.

This is a bit like saying saying we need to make it legal to beat up suspects with phone books, so the police won’t do it illegally with their fists. Actually, we need to stop giving people special powers unless they are totally accountable for how they use them, and lose those powers right away if they abuse them. Despite the fact that a number of Acts of Parliament have increased police search powers in the last 20 years - eg the Search and Surveillance Act and the Suppression of Activism Ammendment Act - we know that in the MegaUpload case the police used illegal surveillance, and that in Operation 8 much of the police surveillance was illegal as well, leading to most of the trumped-up charges being dropped. The idea that we need to give the police more legal surveillance powers to stop them using illegal ones just doesn’t hold up. Whatever powers they are given, they always seem to “need” more.

DS

Poll Created Thu 3 Apr 2014 11:00AM

Governments must not constrain behaviour or design to make surveillance easier Closed Thu 10 Apr 2014 11:07AM

Outcome
by Danyl Strype Wed 26 Apr 2017 8:46AM

We have unanimous consensus that Pirate policy on Privacy include the principle that governments must not constrain behaviour or design to make surveillance easier.

Despite our ongoing debate, Adam and I appear to have found consensus, and I want to check if this is a broadly shared principle which could be part of our position statement on Surveillance. Do we agree that governments must not constrain people's behaviour, or the design of communication systems, to make surveillance easier, cheaper, or more far-reaching?

Results

Results Option % of points Voters
Agree 100.0% 7 AR DU DP HM M RU AB
Abstain 0.0% 0  
Disagree 0.0% 0  
Block 0.0% 0  
Undecided 0% 13 DS AJ TF KT TJ CM BV BK PA DU RF CW MD

7 of 20 people have voted (35%)

M

mako
Agree
Fri 4 Apr 2014 3:02AM

Like all principles, a pragmatist can imagine circumstances where they would not consider it reasonable. That said, I feel this holds generally enough to give it a yes.

AR

Andrew Reitemeyer
Agree
Fri 4 Apr 2014 6:47PM

As a broad principle yes, but surveillance has already gone to far and needs paring back

AB

Adam Bullen
Agree
Sat 5 Apr 2014 10:52AM

Designing to make surveillance easier is reprehensible, for governments to try to enforce this kind of behaviour should not be tolerated.

DU

[deactivated account]
Agree
Sun 6 Apr 2014 5:15AM

The Government must never again restrict communications systems or people's behaviour. If that is an irritant to a bureaucrat somewhere, then too bad for that bureaucrat.

DP

David Peterson
Agree
Wed 9 Apr 2014 12:11PM

A man's home is his castle. (so is his cellphone, and PC, and inbox, and...)

HM

Hubat McJuhes
Agree
Thu 10 Apr 2014 2:18AM

By no means is this stance sufficient. But taken as a base line, I agree 100%

DP

David Peterson Thu 3 Apr 2014 11:04AM

So basically you're proposing with your current proposal is that government should not take any action in certain circumstances? And that is all?

Yup, I could totally agree with that!

AB

Adam Bullen Sat 5 Apr 2014 10:50AM

@strypey Don't get me wrong here, where you say "What I object to is that constant mass surveillance is becoming normalized." I 100% agree with you.

I agree with what you are saying here, in crimes where physical evidence abounds, such as: robberies; murders; arson; car crash etc... then traditional policing methods should be enough.

However there are plenty of crimes where physical evidence is minimal, these are generally what are classed as "white collar crimes", these types of crimes are where I see that surveillance; properly administered and under strict guidelines; can make a massive difference.

DS

Danyl Strype Mon 7 Apr 2014 11:18AM

@adambullen
"surveillance; properly administered and under strict guidelines"

Let's say I accept this for the sake of argument. Can you describe what sort of strict guidelines would be adequate to protects our rights and freedoms? This is the sort of detail we need in a proper policy statement.

AB

Adam Bullen Tue 8 Apr 2014 11:02AM

@strypey
I don't have a clear picture of what would be required.

I have some basic concepts, such as:
1/ part of an active criminal investigation;
2/ a "surveillance warrant" issues by a judge (I'm not sure if this would be a blanket for the entire investigation (unlikely), suspect, or for each individual instance of surveillance);
3/ strict guidelines for how long the data can be kept for.
4/ an information audit, as a requirement of any warrant issues to ensure the data is destroyed as appropriate.
5/ harsh penalties if it is found that data wasn't destroyed, as the officers involved would be effectively breaking the law.

There are probably many more requirements, but I can't think of them right now. But if this were to be a serious discussion that would be moved to a policy vote. I would like to "sit down" and flesh out exactly what restrictions and limitations would be in place.

Overall I think the police and the judiciary do a good job in very difficult circumstances. However don't read in to that as "always", mistakes are made all to often. I also think the police have interpret the law in some situations where they should only have to enforce the law.

But it needs to be codified in law that any surveillance of ordinary citizens not part of an active criminal investigation is illegal and punishable by some harsh penalties.

AB

Adam Bullen Tue 8 Apr 2014 11:13AM

One other thing I would like to mention.

I find it deplorable that governments around the world have a nice little system where they spy on each others citizens and give the information to each other just so they can say "we don't spy on our own citizens"

Having someone else do your dirty work should be seen as doing it yourself.

DS

Danyl Strype Tue 8 Apr 2014 2:34PM

@adambullen

if this were to be a serious discussion that would be moved to a policy vote. I would like to “sit down” and flesh out exactly what restrictions and limitations would be in place.

It is. That’s what we’re here for.

I also think the police have interpret the law in some situations where they should only have to enforce the law.

In practice, you can’t do one without the other.

AR

Andrew Reitemeyer Tue 8 Apr 2014 7:20PM

When it is moved to a policy vote we should take a lead from the European Union which is rolling back repressive legislation in this area both in the European Parliament and the European Court.

HM

Hubat McJuhes Fri 6 Jun 2014 10:43PM

Meta data must be protected from mass surveillance as we all have something to hide:
http://webpolicy.org/2014/03/12/metaphone-the-sensitivity-of-telephone-metadata/

DS

Danyl Strype Tue 4 Aug 2015 4:40PM

I've been invited to speak at a "Stop the Spies" event here in Ōtepoti next Tuesday. I intend to focus on the chilling effects of widespread surveillance on public interest activism/ active citizenship, democratic participation, independent journalism ie areas I have experience with. However, I will get them to identify me on the promotional material as a spokesperson for the NZPP (unless there are any objections?), so I've been reviewing where we got to with this discussion.

Any further points members would like me to raise? Do we currently have a formalized policy on Surveillance?

HM

Hubat McJuhes Wed 5 Aug 2015 4:34AM

There have been hacks of 'security' companies like Gamma and Hacking Team in Europe and there have been some hacks in the US as well, where the internal communication of those businesses where leaked. What we learn from that is that there is a huge black market for zero-day-exploits. massively heated up by western governments paying huge amounts for those or software relying on them. The effect is that law enforcement agencies have an interest that those exploits are not published and fixed. This is dangerous, if not to say perverse.

I came to the conclusion that it is imperative that governments shall not be allowed to buy zero-day-exploits to facilitate their surveillance or buy 'forensic' software that relies on those. Instead governments must be required to immediately work with the software companies that are responsible for security leaks in their software, aiming to fix those security issues ASAP before they become public and can be exploited.

Governments should be allowed to run transparent bounty schemes to acquire knowledge of security issues and fund honest security experts, but never for the purpose of exploiting them themselves!

AR

Andrew Reitemeyer Thu 6 Aug 2015 4:19AM

If it is a public meeting then avoid being too technical. One point that I have not seen raised anywhere yet is the danger to New Zealand's IT industry. As more backdoors in software is being found and the calls for restrictions on encryption are being made by spy agencies there is a danger that software from Five Eyes countries will no longer be trusted. That would be catastrophic for our IT industry

DS

Danyl Strype Sat 8 Aug 2015 3:56PM

@andrewreitemeyer:
"avoid being too technical"

I was thinking about getting about 50 free postcards, and 50 envelopes, and putting them under each seat. Then I could invite people to write something on the postcard - "you just wrote a normal email". Then I could invite them to put the postcard in the envelope - "you just encrypted your email, but quite weakly. It's not hard to steam open the envelope. However, if your friend posted you a padlock to which only they have a key, and you locked your envelope in a metal box and locked it with the padlock, that would be much stronger encryption". Then I can get them to address the envelope - "now even though your mail is encrypted, there is a destination address, maybe a 'from' address, and a postmark showing where and when it was posted. That's meta-data." Basically using an everyday, familiar technology to explain by analogy.

AR

Andrew Reitemeyer Sun 9 Aug 2015 7:37AM

I like the sound of that. That will be remembered.