Strip out the terrorism part. What’s left is a good start that can be extended and compliment with local issues.

We believe that an individual right to privacy remains important, in spite of claims of the need for surveillance for the greater good, and we are not convinced that overriding the right to privacy best serves the greater good.

We suggest that the Government should refrain from using new technology for surveillance until the issue has been subject to democratic consideration, and, in the absence of a constitution limiting the powers of Government, that a referendum or 75% majority in Parliament be required to extend Government surveillance powers under law. Legislation alone, however, does not address the inherent insecurity of many modern forms of communication which has made the erosion of privacy possible, and accordingly we also suggest the encouragement of privacy measures such as encryption.

I have no problem with surveillance, where appropriate.

Such as part of an active criminal investigation. Or where there is evidence to look at someone / a group.

If it turns out that the evidence collected clears that person or group, that evidence must de destroyed at the end of the investigation.

I hear what you're saying @adambullen but I think you are still falling into the fallacy that surveillance is a normal way to carry out criminal investigations. In most cases, this is not necessary.

Since any form of surveillance goes against our human right to be free from unreasonable search and seizure, the onus should be on those wishing to carry out surveillance to prove it is necessary and justified, and that there's no other way to stop a person or group harming others. The usual way to do this is by getting a warrant from a judge for each act of surveillance, but I don't think this is sufficient protection when police and judges are often equally 'deep in the forest' of law enforcement paranoia and groupthink that Ross Meurant talks about in the Operation 8 doco.

Most importantly, people's behaviour, including online behaviour, should not be constrained or redesigned in order to make surveillance easier. That includes forcing software developers and server hosts to include backdoors in their systems. Pirates need to actively support projects to increase people's ability to communicate privately if they choose to, for example:
https://leap.se/en/2013/the-big-seven

@strypey I completely agree with what you say about forcing developers to make surveillance easier. It should be criminal to for the government to ask, let alone forcing it.

However assuming that judges are all corrupt and will give out surveillance warrants like candy is short sighted.

Disallowing surveillance of criminals via legal means will just force the practice underground**. Having legal means to surveil criminals and suspected criminals with clear limits to the powers granted to the police and related agencies, I think is critical to for the power of the police to uphold the law.

As for the groupthink comment, I am massively critical of the police and government when it comes to over stepping the bounds of their powers, which I think they do all to often. But that is another issue.

And as I said in my previous comment, surveillance needs to part of an "active" criminal investigation. I am not sure how you expect to carry out criminal investigations without the ability to look at what people are doing?

Disposal of the collected data needs to be written into law, if it is found that the data collected is not relevant to the case.

**See the recent revelations about authorities in the US getting tow truck drivers to mount licence plate recognition devices to their trucks, so that they could deny collecting them.
http://betaboston.com/news/2014/03/05/a-vast-hidden-surveillance-network-runs-across-america-powered-by-the-repo-industry/
http://tech.slashdot.org/story/14/03/05/1853254/vast-surveillance-network-powered-by-repo-men

@adambullen

surveillance needs to part of an “active” criminal investigation. I am not sure how you expect to carry out criminal investigations without the ability to look at what people are doing?

A criminal investigation usually involves things like:
* interviewing victims, witnesses, and suspects,
* putting together a timeline of events and people’s movements
* following up clues such as identifying the owners of vehicles at the scene of the crime in case they witnessed anything
* examining documentary evidence such as photographs on the camera of a victim
* reading reports on forensic evidence collected from the crime scene (eg fingerprints)
* executing search warrants on premises where there is a good reason to believe physical evidence of the crime may be found

None of these things are surveillance, unless you are stretching the word well beyond common usage. Back in the day, surveillance methods were a last resort, used only if the information and evidence collected through normal detective methods convinced the Police that they knew who committed a crime, but weren’t sure they could prove it beyond reasonable doubt.

What I object to is that constant mass surveillance is becoming normalized. Either judicial oversight is being removed to make the system more “efficient”, or it’s simply failing to keep overzealous police from deciding they want to persecute someone, and fishing through a multitude of surveillance material to find a way to do so.

Disallowing surveillance of criminals via legal means will just force the practice underground**.

This is a bit like saying saying we need to make it legal to beat up suspects with phone books, so the police won’t do it illegally with their fists. Actually, we need to stop giving people special powers unless they are totally accountable for how they use them, and lose those powers right away if they abuse them. Despite the fact that a number of Acts of Parliament have increased police search powers in the last 20 years - eg the Search and Surveillance Act and the Suppression of Activism Ammendment Act - we know that in the MegaUpload case the police used illegal surveillance, and that in Operation 8 much of the police surveillance was illegal as well, leading to most of the trumped-up charges being dropped. The idea that we need to give the police more legal surveillance powers to stop them using illegal ones just doesn’t hold up. Whatever powers they are given, they always seem to “need” more.

So basically you're proposing with your current proposal is that government should not take any action in certain circumstances? And that is all?

Yup, I could totally agree with that!

@strypey Don't get me wrong here, where you say "What I object to is that constant mass surveillance is becoming normalized." I 100% agree with you.

I agree with what you are saying here, in crimes where physical evidence abounds, such as: robberies; murders; arson; car crash etc... then traditional policing methods should be enough.

However there are plenty of crimes where physical evidence is minimal, these are generally what are classed as "white collar crimes", these types of crimes are where I see that surveillance; properly administered and under strict guidelines; can make a massive difference.

@adambullen
"surveillance; properly administered and under strict guidelines"

Let's say I accept this for the sake of argument. Can you describe what sort of strict guidelines would be adequate to protects our rights and freedoms? This is the sort of detail we need in a proper policy statement.

@strypey
I don't have a clear picture of what would be required.

I have some basic concepts, such as:
1/ part of an active criminal investigation;
2/ a "surveillance warrant" issues by a judge (I'm not sure if this would be a blanket for the entire investigation (unlikely), suspect, or for each individual instance of surveillance);
3/ strict guidelines for how long the data can be kept for.
4/ an information audit, as a requirement of any warrant issues to ensure the data is destroyed as appropriate.
5/ harsh penalties if it is found that data wasn't destroyed, as the officers involved would be effectively breaking the law.

There are probably many more requirements, but I can't think of them right now. But if this were to be a serious discussion that would be moved to a policy vote. I would like to "sit down" and flesh out exactly what restrictions and limitations would be in place.

Overall I think the police and the judiciary do a good job in very difficult circumstances. However don't read in to that as "always", mistakes are made all to often. I also think the police have interpret the law in some situations where they should only have to enforce the law.

But it needs to be codified in law that any surveillance of ordinary citizens not part of an active criminal investigation is illegal and punishable by some harsh penalties.

One other thing I would like to mention.

I find it deplorable that governments around the world have a nice little system where they spy on each others citizens and give the information to each other just so they can say "we don't spy on our own citizens"

Having someone else do your dirty work should be seen as doing it yourself.

@adambullen

if this were to be a serious discussion that would be moved to a policy vote. I would like to “sit down” and flesh out exactly what restrictions and limitations would be in place.

It is. That’s what we’re here for.

I also think the police have interpret the law in some situations where they should only have to enforce the law.

In practice, you can’t do one without the other.

When it is moved to a policy vote we should take a lead from the European Union which is rolling back repressive legislation in this area both in the European Parliament and the European Court.

Meta data must be protected from mass surveillance as we all have something to hide:
http://webpolicy.org/2014/03/12/metaphone-the-sensitivity-of-telephone-metadata/

I've been invited to speak at a "Stop the Spies" event here in Ōtepoti next Tuesday. I intend to focus on the chilling effects of widespread surveillance on public interest activism/ active citizenship, democratic participation, independent journalism ie areas I have experience with. However, I will get them to identify me on the promotional material as a spokesperson for the NZPP (unless there are any objections?), so I've been reviewing where we got to with this discussion.

Any further points members would like me to raise? Do we currently have a formalized policy on Surveillance?

There have been hacks of 'security' companies like Gamma and Hacking Team in Europe and there have been some hacks in the US as well, where the internal communication of those businesses where leaked. What we learn from that is that there is a huge black market for zero-day-exploits. massively heated up by western governments paying huge amounts for those or software relying on them. The effect is that law enforcement agencies have an interest that those exploits are not published and fixed. This is dangerous, if not to say perverse.

I came to the conclusion that it is imperative that governments shall not be allowed to buy zero-day-exploits to facilitate their surveillance or buy 'forensic' software that relies on those. Instead governments must be required to immediately work with the software companies that are responsible for security leaks in their software, aiming to fix those security issues ASAP before they become public and can be exploited.

Governments should be allowed to run transparent bounty schemes to acquire knowledge of security issues and fund honest security experts, but never for the purpose of exploiting them themselves!

If it is a public meeting then avoid being too technical. One point that I have not seen raised anywhere yet is the danger to New Zealand's IT industry. As more backdoors in software is being found and the calls for restrictions on encryption are being made by spy agencies there is a danger that software from Five Eyes countries will no longer be trusted. That would be catastrophic for our IT industry

@andrewreitemeyer:
"avoid being too technical"

I was thinking about getting about 50 free postcards, and 50 envelopes, and putting them under each seat. Then I could invite people to write something on the postcard - "you just wrote a normal email". Then I could invite them to put the postcard in the envelope - "you just encrypted your email, but quite weakly. It's not hard to steam open the envelope. However, if your friend posted you a padlock to which only they have a key, and you locked your envelope in a metal box and locked it with the padlock, that would be much stronger encryption". Then I can get them to address the envelope - "now even though your mail is encrypted, there is a destination address, maybe a 'from' address, and a postmark showing where and when it was posted. That's meta-data." Basically using an everyday, familiar technology to explain by analogy.

I like the sound of that. That will be remembered.