Fear Of State Hacking in Bill

[InfoSec News <isn () C4I ORG>]

http://nz.internet.com/r/article/jsp/sid/326868

by Keith Newman
nz.internet.com
09/01/01 09:35

Privacy Commissioner Bruce Slane is concerned changes to the Crimes
Act are about to give Police, secret service agencies, internet
service providers and telecommunications carriers unprecedented powers
to snoop into peoples private electronic business.

While welcoming harder measures against electronic crime encompassed
in the Crimes Amendment Bill (No 6), Mr Slane wants greater control
over the snooping powers of state agencies.

He fears if the law were to be passed in its present form, trawling
through personal information could be authorised on an unprecedented
scale presenting a considerable risk to privacy.

The Bill introduced into Parliament in November is designed to make
computer hacking and other unauthorised access of personal computers
illegal but exempts the Security Intelligence Service (SIS), the
Government Communications Security Bureau (GCSB).

The police need only obtain a search warrant to conduct an electronic
search and telecommunications and internet service providers can
intercept information for purposes of maintaining the internet or
other communications services.

Mr Slane opposes the pernicious practice of police hacking into
computer databases and has called for a full and meaningful public
reporting of any state interception of non-oral communication and
accessing of computer systems.

Generally the Privacy Commissioner says Police search warrants should
not provide legal authority for remotely accessing computers in a type
of "Police hacking". Instead, the bill should be amended so that a
search warrant merely provides authority to search the content of a
computer found on premises being searched pursuant to that warrant.

He also wants internet service providers (ISPs) and telecommunications
network providers to face criminal sanctions if they retain, use or
disclose private communications obtained during maintenance work.

Mr Slane says evidence should be obtained to establish whether there
really is a need for ISPs to have access to the content of private
communications. If such access is not essential the exemption should
not be granted.

He says any information obtained through electronic surveillance
should not be used for any other purpose other than that for which it
was originally obtained and should be destroyed when the investigation
is completed.

It is essential that covert interception and computer access be
limited to the level absolutely necessary to enable the relevant
agencies to perform their proper functions. It must be subject to
careful authorisation processes and operational controls, and be
proportionate to the intrusion on privacy, says Mr Slane.

He says a single warrant can authorise listening in to hundreds of
conversations involving dozens of individuals beyond the targeted
individual. Under the new law the SIS could conduct a similar
interrogation of a database.

He wants exemptions from the law withheld until the GCSB is placed on
a statutory footing and made subject to a statutory warrant process.
Currently the bureau is not established by statute and neither the
government nor the public has any say about its activities or knows
precisely what it is or does.

The GCSB currently operates spy stations at Waihopai near Blenheim and
at Tangimoana in the central North Island gathering and passing on
intercepted information to other spy agencies in Australia, Britain,
Canada and the US. While previously those listening devices were
included in a statutory exemption the new Bill opens the way for
expansion of such operations.

Mr Slane says he wants to see the law better clarified to strike a
more appropriate balance between collective rights to privacy and
competing state interests.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".