Posts by Matthew Poole
Last ←Newer Page 1 2 3 4 5 Older→ First
-
Legal Beagle: Kim Dotcom: Questions and Answers, in reply to
Isn’t the issue the breach of s 14.?
As Graeme has pointed out there is no crime attached to that section. All it does is make it impossible for the interception to be legal, which then presents the options for Crimes Act prosecutions for unlawful interception.
-
Legal Beagle: Kim Dotcom: Questions and Answers, in reply to
I can imagine the NZ police and perhaps SIS and GCSB now saying “Oh, yes, can we have some of that, too?”
“that” being storage of ISP customer data (including emails) for two years, compulsion warrants for passwords [ETA: which we already have], and interception requirements for things like Skype.
In the name of all that’s holy, we’re back to this shit again?! The fuckwits who propose these laws have no conception of what they’re demanding, and they certainly have no intention of funding the collection and storage systems that they intend to foist on hapless ISPs. The sanity that has prevailed here WRT the serving of strike notices under the Copyright Act demonstrates that our pollies are persuadable in the face of commercial arguments by those who will bear the financial brunt of compliance, but I don’t know that Key et al are as easily swayed by such arguments when “t3h terroristses!” is the justification.
And don’t get me started on legal compulsion of passwords, or intercepting streaming communications such as Skype.
-
Legal Beagle: Kim Dotcom: Questions and Answers, in reply to
I wonder what the smokescreen is going to be.
The consensus in the Facebook-o-sphere is that Collins' announcement of more parole changes is the "look over there" action in this case. I've seen a National-friendly columnist in Granny pass comment on how obvious it is that National release pointless-but-headline grabbing policies at points when their reputation is on the line - in that context it was about trying to distract from Banks and child poverty by wailing on beneficiaries yet again. When even your fawning sycophants are talking about how you try and distract from bad news, you've got big problems.
-
Legal Beagle: Kim Dotcom and the GCSB, in reply to
The GCSB is subject to all New Zealand law, although specific exemption provisions are contained in some legislation (for example the Privacy Act, the Public Finance Act, and the Radio Communications Act). Other more general exemptions are contained in the Human Rights Act and the Public Records Act.
Now I guess I need a lawyer. Seems to me the Privacy Act and Public Records Act would be the laws deciding whether or not the GCSB can check somebody’s citizenship or residency status without knocking on their door and politely asking.
The exemption to the Privacy Act is on national security grounds, and relates to releasing information, not gathering it. As we've seen with people trying to use the Privacy Act to find out what information about them is stored with the SIS, sometimes even revealing that there is or isn't a file can be called a risk to national security. So there's an exception to the general principle that people are entitled to know if any organisation holds information about them, and what that information is if it is held. Oh, and the right to correct that information.
And even with that exception the Privacy Act still applies to Immigration and DIA. Just because the intelligence services have some exemptions to the applicability of the Privacy Act doesn't mean anyone they contact to request information is similarly exempted.
The Public Records Act relates to archiving and releasing of work generated by government-funded bodies, and the exemption here is, again, national security. They're not exempted from archiving (there are employees of the National Archives who hold Top Secret security clearances, and there are secured storage facilities for classified archives) but the rules about release don't always apply. Again, this is about information going out not information coming in. Everyone else is not affected by the exemption.
-
Legal Beagle: Kim Dotcom and the GCSB, in reply to
What would probably happen is that they’d install a lawful intercept configuration as described here and stick it in a cage at the data centre
Except that that would not be lawful in the absence of an interception warrant, and that includes ISP staff acting on behalf of the GCSB. There is no provision for GCSB-controlled interception devices to be connected to ISP networks on a permanent basis, and as Andre has pointed out the people who can make such devices work or otherwise are not, generally, sympathetic to the cause of the GCSB. ISP network engineers are fairly universally suspicious of people who want to monitor the communications of other people, and because of the fundamental security principle that anyone with physical access to your stuff owns it the GCSB won't be wanting to expose their kit to any greater risk of compromise than strictly necessary.
This is not the UK or the US. Things that might be plausible in their legal environments are not plausible here. When looking at the UK, consider that it's the home of the DA Notice before trying to transplant their culture to here, and the US was the home of massive levels of utterly-illegal wire-tapping at the level of telephone circuits.
-
Legal Beagle: Kim Dotcom and the GCSB, in reply to
Does anyone have a map showing the routes of the fibre optic links around the country? Including where they go from offshore into NZ? Any detours they make etc. Needs to be down to road level probably.
That kind of tapping would be very definitely in the "interception device" category for reasons that start with being indiscriminately monitoring multiple circuits and continue with being a physical device installed on the line. If GCSB weren't needing a warrant for this, they weren't tapping the fibre out of Chez DotCom.
-
Legal Beagle: Kim Dotcom and the GCSB, in reply to
an idemniity that could bugger the surplus in 2015
You appear to have an inaccurate impression of the scale of damage awards in such cases in New Zealand.
Given how tenuous the projected surplus is, if KDC were to sue on the basis that the detention of his funds in NZ prevented him from defending Mega Upload and thus brought about the demise of a half-billion-dollar business, it wouldn't actually be at all out of the realm of possibility for a very reasonable damages award to be greater than the projected surplus (ignoring the minor possibility of such an argument being successful). I believe the surplus is only at the order of $100m at this point, and a one-third award for damages would shoot that all to hell.
-
Legal Beagle: Kim Dotcom and the GCSB, in reply to
Guess where the problem probably lies?
We know exactly where it lies: OFCANZ.
I'm actually not that bothered that GCSB didn't make their own enquiries about KDC's residency status. We all know, now, that he's a resident, and was at the time, but I'd never really even heard of him until this all blew up. With hindsight people are saying "A quick Google would've resolved the matter", but when you're talking about matters of absolute legal accuracy the first course of action for getting a correct answer should be to rely on the word of a law-enforcement agency that has asked you to do the work. After all, if they don't have it right...
Considering that GCSB is meant to operate in secret - and I have no particular problem with that - it would make more sense for them to rely on agencies with a public face to make inquiries about someone's residency status. After all, legal confirmation of that can only come from DIA and making the approach potentially blows operational cover. It would be quite normal, I imagine, for the Police to ask DIA to confirm residency status of individuals, and people shouldn't lose sight of the fact that it was the Police who initiated this investigation. If GCSB had started the work on their own initiative and not enquired further it would be a different story.
-
Legal Beagle: Kim Dotcom and the GCSB, in reply to
And they have some responsibility for government computer security.
GCSB have ultimate responsibility for government computer security because they're the body that publishes the New Zealand Information Security Manual (NZISM), the Bible on InfoSec in NZ Government.
Rich's comment is, as you point out, well short of the mark. GCSB's budget is for their non-warrant interception and monitoring, for the maintenance of NZISM and providing advice to all government agencies on compliance with its requirements, and for the running of the National Cyber Security Centre, plus their tiny number of warranted intercepts.
-
Legal Beagle: Kim Dotcom and the GCSB, in reply to
We could simplify that to "any wireless connection" given the speed with which wireless security can be broken.
Best of British to you breaking into the SSL VPN that I sometimes tunnel across WiFi, to give one example of wireless traffic that you would not call insecure.
Also, the vulnerability in WPA2 requires that the listening station be inside the network. WPA2 is not, at least publicly, weak to outsiders sniffing the traffic. Even the "WiFi Protected Setup" hole doesn't weaken the cryptographic security of WPA2 with a good key.Plus given that the very fact of having implemented even as little as WEP demonstrates an intent to keep the network private, I would suggest that anything sniffed off a WiFi network running other than wide open could be easily argued to be inadmissible in a court hearing if there was no interception warrant. After all, if you had to break in then you were obviously not authorised, and knew it.