Surveillance

I've been invited to speak at a "Stop the Spies" event here in Ōtepoti next Tuesday. I intend to focus on the chilling effects of widespread surveillance on public interest activism/ active citizenship, democratic participation, independent journalism ie areas I have experience with. However, I will get them to identify me on the promotional material as a spokesperson for the NZPP (unless there are any objections?), so I've been reviewing where we got to with this discussion.

Any further points members would like me to raise? Do we currently have a formalized policy on Surveillance?

There have been hacks of 'security' companies like Gamma and Hacking Team in Europe and there have been some hacks in the US as well, where the internal communication of those businesses where leaked. What we learn from that is that there is a huge black market for zero-day-exploits. massively heated up by western governments paying huge amounts for those or software relying on them. The effect is that law enforcement agencies have an interest that those exploits are not published and fixed. This is dangerous, if not to say perverse.

I came to the conclusion that it is imperative that governments shall not be allowed to buy zero-day-exploits to facilitate their surveillance or buy 'forensic' software that relies on those. Instead governments must be required to immediately work with the software companies that are responsible for security leaks in their software, aiming to fix those security issues ASAP before they become public and can be exploited.

Governments should be allowed to run transparent bounty schemes to acquire knowledge of security issues and fund honest security experts, but never for the purpose of exploiting them themselves!

If it is a public meeting then avoid being too technical. One point that I have not seen raised anywhere yet is the danger to New Zealand's IT industry. As more backdoors in software is being found and the calls for restrictions on encryption are being made by spy agencies there is a danger that software from Five Eyes countries will no longer be trusted. That would be catastrophic for our IT industry

@andrewreitemeyer:
"avoid being too technical"

I was thinking about getting about 50 free postcards, and 50 envelopes, and putting them under each seat. Then I could invite people to write something on the postcard - "you just wrote a normal email". Then I could invite them to put the postcard in the envelope - "you just encrypted your email, but quite weakly. It's not hard to steam open the envelope. However, if your friend posted you a padlock to which only they have a key, and you locked your envelope in a metal box and locked it with the padlock, that would be much stronger encryption". Then I can get them to address the envelope - "now even though your mail is encrypted, there is a destination address, maybe a 'from' address, and a postmark showing where and when it was posted. That's meta-data." Basically using an everyday, familiar technology to explain by analogy.

I like the sound of that. That will be remembered.