NZ Customs requiring passwords

AR Andrew Reitemeyer Public Seen by 201

New Zealand customs is asking for the power to require passengers to reveal passwords for their digital devices. As can be seen from visitors to the Dotcom mansion knowing the wrong people can be a reason to ask for a password. I think PPNZ should make a submission to the public consultation process objecting to this.
First I think we should have a policy that states that even though it is a fundamental Pirate principles.

The discussion paper can be seen here


Craig Magee Thu 5 Mar 2015 1:22AM

What grounds are there for refusal? It's not unlike a traveller with a lock on their bag being expected to to provide a key.


Hubat McJuhes Thu 5 Mar 2015 7:39PM

I agree with the need to object. Digital mobile devices are nowadays storing the most private information of a particular person and also of others. Privacy is to be protected, also when travelling.


Hubat McJuhes Thu 5 Mar 2015 7:55PM

@craigmagee Yes, it is.
If scanning a bag suggests that some danger stems from thsi bag (e.g. bomb or gas lighter, etc.) or undeclared goods may be shipped in them (20 bottles of Scotch), or - heaven forbid - some foreign fruit may compromise our bio security, then it is more than sensible to have the bag opened and the situation clarified as it is the most genuine duty of customs to ensure safety and raising appropriate fees.

The password on a smartphone is therefore much more comparable with a padlock on your diary rather than on a bag.

Can you please tell me what kind of harmful or undeclared items customs is supposed to find on a digital device?


Craig Magee Thu 5 Mar 2015 8:37PM

  • Importation of objectionable media
  • Importation of copyright infringing media
  • Immigration concerns

Digital mobile devices store private information: that's the reason customs need access. Someone who comes to the attention of customs while attempting to enter the country would be expected to unlock their diary.


Hubat McJuhes Fri 6 Mar 2015 8:00AM

@craigmagee None of those aspects justifies such a heavy weighing violation of personal rights.

Mentioning copyright infringing media is a joke in itself. If you are serious about copyright infringing media being important enough to imprison people for not actively helping in the investigation, then you should ask yourself if you are in the right party.
That aside: how would customs be able to differentiate between copyright infringing media and media that are rightfully copied to the device, e.g. a completely legal copy of my own genuinely bought CD? Or do you say that I have to take my physical CD shelf with me on any journey only to proof that I am legally listening to my favourite tracks during a 36 hr journey to Europe?


Craig Magee Fri 6 Mar 2015 9:41AM

Fine, ignore that if you like.
Explain why customs shouldn't be able to verify travel and work plans of people entering the country with the information in their possession.


Hubat McJuhes Fri 6 Mar 2015 9:56AM

I did already. I have pointed out that customs have all rights to
ensure safety and no undeclared goods are taken in. And I have
expressed my disapproval to ignore civil rights in favour of any
secondary objectives. It is now up to you to deliver new arguments.


Craig Magee Fri 6 Mar 2015 10:09AM

Customs have the right to search someone's belongings, read any documentation they have, and question their identity or reason for entering the country.
Privacy is not a reasonable expectation for anyone entering any country. Allowing information in electronic form to circumvent customs will lead to people transferring information in electronic form to subvert customs.

A submission that defines terms and conditions for customs to demand passwords and encryption-keys has the potential to be constructive and influential. Harping on about 'privacy' and 'civil rights' in non-meaningful ways is a waste of time and makes fools of the submitters.


Hubat McJuhes Fri 6 Mar 2015 10:31AM

@craigmagee I disagree wholeheartedly with everything you said above. I don't think customs currently have that right and I am absolutely certain they should not have those rights. I believe that all governmental agencies at all times have to act in due course and should never exercise any rights without measure.


Craig Magee Fri 6 Mar 2015 10:37AM

You don't have to agree, you have to think about and decide what's going to be in the submission.


Craig Magee Fri 6 Mar 2015 11:05AM

I recommend reading the Customs and Excise Act 1996.
Especially Part 12: Powers of Customs officers to see what authority they have.


Andrew Reitemeyer Sat 7 Mar 2015 8:29PM

The summary of the discussion summary states
"We want to make Customs’ power to examine electronic devices clearer in the Act. This would mean that there is increased transparency when Customs examines the content of electronic devices as part of a routine baggage search at the border.
- We are also considering whether it is more appropriate to perform more intensive examinations of electronic devices (such as forensic examination and cloning of the device) only after a threshold is met. A threshold could be that a Customs officer must have reasonable cause to suspect the device carries prohibited material or evidence of particular offending before performing these more intensive examinations.
- We also want to create a new obligation on passengers to provide Customs with access to their electronic device when requested to do so"

Some ideas as to what should we be concerned about :

  • Fishing expeditions where customs officers look for offending data not based on any reasonable cause.Especially related to file sharing where files were downloaded in other legal jurisdictions.
  • Clones of devices being passed on to intelligence services
  • Warnings of the types of data that are unlawful In NZ but not in other legal jurisdictions. And an opportunity to delete offending data.
  • must the device owner give passwords for encrypted files as well as the device password? If so two factor authentication may be a problem that could lead to prosecution.
  • does this mean that passwords to cloud based data that is in servers not based in New Zealand can be demanded?
  • Can offending under New Zealand law in another legal jurisdiction where is is not an offense be reasonable grounds? Thoughts?

Ben Vidulich Sun 8 Mar 2015 9:44AM

Suppose Customs detect a block of random bits on a device and decide that it's an encrypted volume. How is someone expected to defend themselves when officials demand the password?

This, and many of the arguments in this discussion so far, are more applicable to the Search and Surveillance Act 2012 than the review of the Customs and Excise Act.

Who would be liable for the intentional transmission of malware between a passenger's device and the terminal used by Customs to scan the device (in either direction)?


Someone could act suspiciously such that they can deliberately infect Customs' computer systems.


Worse still, an innocent passenger's clean device may become infected by malware after it is connected to Customs' computer system.

What about suspicion of recently-wiped devices? Specifically, people wiping devices prior to travelling knowing that Customs may attempt to inspect the device(s)? Should this be considered an act of guilt; could this be considered the concealment of supposed illegal activity?

What if a traveller is carrying encrypted data that the traveller does not hold the relevant decryption key(s)? Should they be prosecuted for failure to comply with a request for access?

Kind of reminds of when they ask you if you have packed your own bags.

What would be the limits (if any) of performing a "random" search (i.e. fishing expedition)? Is there a reasonable expectation or requirement that Customs officers do not inspect personal photographs (unless they have reason to believe there are incriminating photographs)? If Customs officers are looking for something specific but find something else that is illegal (e.g. copyrighted material) then should they be able to prosecute the traveller on the grounds that their search was for something else?



[deactivated account] Mon 9 Mar 2015 12:55AM

Realistically the only case they could have to seek for objectionable material is if you've been to Thailand on you vacations.
However, that does not mean that everyone should be treated as guilty until proven innocent.
We know that if your company has secrets, you could be fired for sharing your passwords with any random customs official, likewise with official secrets clearance, or even just online banking, it is a violation of the terms of service to share passwords with other people.


Ben Vidulich Sat 4 Apr 2015 8:38AM

I think we should make a submission in the name of PPNZ.

If we aim to conclude our position/argument(s) by Friday 17th April then that gives us two weeks to write and review the submission.


[deactivated account] Sat 4 Apr 2015 9:00AM

1984 was not meant to be an instruction manual.
With most of modern life and business being conducted on computers, it is incredibly invasive and downright evil to demand passwords merely for travelling beyond borders.
We can not allow casual bureaucratic demands for access to our entire digital life simply because of a few rotten eggs out of millions of travellers.
Furthermore, it is illegal to share passwords to online banking accounts and work emails, people can be refused bank service, or worse fired and sued for sharing company secrets. There is no legitimate reason to hand over confidential information to anonymous bureaucrats simply because they work at the borders.
If there was any alleged criminality of terrorist or pedophile nature, the five eyes would already have that information to hand without the even clumsier interference of the customs agents at the borders.

I personally recall on my 9th birthday NZ had it's first and only terrorist attack, and neither customs nor the GCSB did anything to stop the bombing of the Rainbow Warrior in 1985 by members of the french secret service.
It is increasingly clear that the proposal by customs is merely an incompetent powergrab of information they don't need at all, because what information they seek, they are already receiving through the GCSB.


Ben Vidulich Sun 19 Apr 2015 4:09AM


Ben Vidulich Wed 22 Apr 2015 9:10AM

Let's aim to get this semi-finalised by the 28th (next Tuesday) so we have a couple of days for minor tweaks for the submission is due (1st May).


Ben Vidulich Wed 29 Apr 2015 8:34AM

I've tidied up the grammar.

Later tonight or tomorrow I will copy the text into Word and do a final spelling/grammar/writing style check + add formatting. Following that I will submit it as a PDF and attach the PDF here.

@andrewmcpherson is line 15 entirely necessary? If we start too antagonistically they may not read the rest of our submission :P


Andrew Reitemeyer Wed 29 Apr 2015 8:25PM

Thanks Ben I wanted to work on it over the weekend but life got in the way


Ben Vidulich Thu 30 Apr 2015 11:15AM

The attached PDF has now been submitted to the New Zealand Customs Service.