NZ Customs requiring passwords

You don't have to agree, you have to think about and decide what's going to be in the submission.

I recommend reading the Customs and Excise Act 1996.
Especially Part 12: Powers of Customs officers to see what authority they have.

The summary of the discussion summary states
"We want to make Customs’ power to examine electronic devices clearer in the Act. This would mean that there is increased transparency when Customs examines the content of electronic devices as part of a routine baggage search at the border.
- We are also considering whether it is more appropriate to perform more intensive examinations of electronic devices (such as forensic examination and cloning of the device) only after a threshold is met. A threshold could be that a Customs officer must have reasonable cause to suspect the device carries prohibited material or evidence of particular offending before performing these more intensive examinations.
- We also want to create a new obligation on passengers to provide Customs with access to their electronic device when requested to do so"

Some ideas as to what should we be concerned about :

• Fishing expeditions where customs officers look for offending data not based on any reasonable cause.Especially related to file sharing where files were downloaded in other legal jurisdictions.
• Clones of devices being passed on to intelligence services
• Warnings of the types of data that are unlawful In NZ but not in other legal jurisdictions. And an opportunity to delete offending data.
• must the device owner give passwords for encrypted files as well as the device password? If so two factor authentication may be a problem that could lead to prosecution.
• does this mean that passwords to cloud based data that is in servers not based in New Zealand can be demanded?
• Can offending under New Zealand law in another legal jurisdiction where is is not an offense be reasonable grounds? Thoughts?

Suppose Customs detect a block of random bits on a device and decide that it's an encrypted volume. How is someone expected to defend themselves when officials demand the password?

This, and many of the arguments in this discussion so far, are more applicable to the Search and Surveillance Act 2012 than the review of the Customs and Excise Act.

---

Who would be liable for the intentional transmission of malware between a passenger's device and the terminal used by Customs to scan the device (in either direction)?

https://twitter.com/zl4bv/status/573429138905649152
https://twitter.com/cheetor5923/status/573641229662969856

Someone could act suspiciously such that they can deliberately infect Customs' computer systems.

https://twitter.com/kyhwana/status/573429649293717504

Worse still, an innocent passenger's clean device may become infected by malware after it is connected to Customs' computer system.

---

What about suspicion of recently-wiped devices? Specifically, people wiping devices prior to travelling knowing that Customs may attempt to inspect the device(s)? Should this be considered an act of guilt; could this be considered the concealment of supposed illegal activity?

---

What if a traveller is carrying encrypted data that the traveller does not hold the relevant decryption key(s)? Should they be prosecuted for failure to comply with a request for access?

Kind of reminds of when they ask you if you have packed your own bags.

---

What would be the limits (if any) of performing a "random" search (i.e. fishing expedition)? Is there a reasonable expectation or requirement that Customs officers do not inspect personal photographs (unless they have reason to believe there are incriminating photographs)? If Customs officers are looking for something specific but find something else that is illegal (e.g. copyrighted material) then should they be able to prosecute the traveller on the grounds that their search was for something else?

--

Realistically the only case they could have to seek for objectionable material is if you've been to Thailand on you vacations.
However, that does not mean that everyone should be treated as guilty until proven innocent.
We know that if your company has secrets, you could be fired for sharing your passwords with any random customs official, likewise with official secrets clearance, or even just online banking, it is a violation of the terms of service to share passwords with other people.

I think we should make a submission in the name of PPNZ.

If we aim to conclude our position/argument(s) by Friday 17th April then that gives us two weeks to write and review the submission.

1984 was not meant to be an instruction manual.
With most of modern life and business being conducted on computers, it is incredibly invasive and downright evil to demand passwords merely for travelling beyond borders.
We can not allow casual bureaucratic demands for access to our entire digital life simply because of a few rotten eggs out of millions of travellers.
Furthermore, it is illegal to share passwords to online banking accounts and work emails, people can be refused bank service, or worse fired and sued for sharing company secrets. There is no legitimate reason to hand over confidential information to anonymous bureaucrats simply because they work at the borders.
If there was any alleged criminality of terrorist or pedophile nature, the five eyes would already have that information to hand without the even clumsier interference of the customs agents at the borders.

I personally recall on my 9th birthday NZ had it's first and only terrorist attack, and neither customs nor the GCSB did anything to stop the bombing of the Rainbow Warrior in 1985 by members of the french secret service.
It is increasingly clear that the proposal by customs is merely an incompetent powergrab of information they don't need at all, because what information they seek, they are already receiving through the GCSB.

http://piratepad.net/pqzuwfgoSq

Let's aim to get this semi-finalised by the 28th (next Tuesday) so we have a couple of days for minor tweaks for the submission is due (1st May).

I've tidied up the grammar.

Later tonight or tomorrow I will copy the text into Word and do a final spelling/grammar/writing style check + add formatting. Following that I will submit it as a PDF and attach the PDF here.

@andrewmcpherson is line 15 entirely necessary? If we start too antagonistically they may not read the rest of our submission :P