For those not from NZ and wondering like me what the "GCSB Bill" is:
GCSB is the Government Communications Security Bureau of New Zealand[1]. There seem to be two bills[2], and the topic has been on HN several times, but never got many points[3].
The bill allows our previously Foreign-intel Spy Agency extra domestic powers to (a) assist other agencies like the police and (b) undertake mass domestic surveillance with very little oversight in the name of "cybersecurity" and "economic security"
It's point (b) that's causing the real controversy, particularly since we're in the 5-eyes network and thus the GCSB are likely data-sharing with everyone else in the network (e.g. NSA, GCHQ.)
In reality the GCSB has been caught illegally spying on NZers, so the new bill is a rush-job to retroactively legalise it, but it's just ridiculously vague, and without even the protections of the US FISA court.
The oversight regime is that warrants are issued by the Prime Minister (the leader of the majority government party) and/or the Director of the GCSB (currently an old school-buddy of the current Prime Minister.) There's an auditor/investigator (one guy) who will get to review things once a year after the fact, although amendments to the bill might make it a panel of three doing the reviewing.
The Law Society of NZ has detailed their opposition over the bill [1].
And to really get a grasp on the insanity - watch the Prime Minister likening the system to virus protection [2] - then walking out of the press conference (after saying the Law Society are wrong).
(The companion bill to the GCSB bill, the TICS bill, mandates backdoors/"interception capabilities" for the GCSB in any network or "over the top" systems, which appears to include foreign cloud services. No one is sure how that is possibly going to fly, although Microsoft and Mega have both suggested they'll be pulling cloud services out of NZ if the bill passes.)
Apologies for the throwaway, but I thought I'd share my letter to Nicky Wagner here. For the uninitiated, ICT is "Information and Communication Technology" - roughly the equivalent to IT in the states.
Hi Nicky,
I'm a Software Engineer in the United States. My wife and
I are presently in the process of migrating to New Zealand,
specifically Christchurch, under the Skilled Migrant
Category visa.
I'm sure I don't need to inform you that ICT is on
New Zealand's list of long term skills shortages. Further,
I'm sure that you're acutely aware of the significance that
ICT growth can play to the economic resurgence of Christchurch.
As someone who is hoping to aid in this effort, I feel
obligated to inform you that the GCSB is a huge deterrent for
me. Being that my peers in the ICT industry are also quite
sensitive to issues such as these, I can't imagine that this
will help the ICT skills shortage for Christchurch, or the rest
of New Zealand.
Please vote against the GCSB, and urge your colleagues to do
the same.
Edit: Now that I'm rereading this I realize that I wrote "the GCSB" when I meant "the GCSB bills." Whoops!
Edit 2: Sent the following clarification. And here's hoping I didn't just get added to some watch list and screw over my chances for visa approval!
Just for clarification, I'm referring to the GCSB bills
below, not the entire GCSB. I support the GCSB as a whole,
as well as its greater purpose, but I'd much rather be
moving to a country that didn't allow for warrantless
surveillance of its people.
Some of these are already a write off. Paul Foster Bell has publicly said on Twitter that he will not reconsider as there are "real threats" in NZ and that IT company networks "need security" from the government. If you try debate this, they'll just block you: https://twitter.com/ow/status/369769923427307520
Ah the "I'm right and will not listen to anything that contradicts my view!" type. How the hell do such people get anything other then heaping helpings of scorn?
I've just written to all the MPs on this list. I'd ask that all other Kiwis do the same. It will take just a couple of minutes and if just a single MP crosses the floor it will stop the bill (as I understand it - I'm living outside of NZ at the moment).
The refuge is large amounts of at least moderately inhabitable land, with minimal militia or violence threat. I used to like NZ as well, but I'm favoring Canada these days, it has an obscenely immense amount of territory to disappear into. Chile, Peru and Argentina are also interesting; while they vary in terms of being basket cases, there's a lot of land, they're far away from all the super powers, are unlikely to get directly nuked, and are not land locked.
I seem to recall Canada either is debating or already has similar legislation in place (memory fails me sadly). Although we do definitely have lots of wide open space, mainly because it's either arctic desert, bare rock, or is below freezing for six months of the year (or more)
Or, better, spread the word on how to secure your own communications. Make people realize there could be no expectations of privacy when the letter's not in the envelope, and educate them on what's going on in the digital world. Make insecure communications look outdated and simply uncool, as they already should be for a while.
That is, unless you believe your government, ISP and their peer ISPs (including some US, Chinese or Russian ISP your e-postcard passes through) are totally trustworthy and good-mannered noblemen so they won't even accidentally peek onto your e-postcards if they're told they mustn't.
Disclaimer: I'm not NZ citizen and unaware of exact situation. I'm Russian citizen, and we have SORM-2 for years. So, I've just shared my opinion on any government or corporate spying case out there. I just think it's pointless to legally forbid spying as this makes false sense of security without any real effect.
>Or, better, spread the word on how to secure your own communications. Make people realize there could be no expectations of privacy when the letter's not in the envelope
That's a BS interpretation, based on a BS american law.
One should always have an expectation of privacy -- ie nobody but the recipients should be legally allowed to read your email (except with a warrant or similar).
That should be made into law (and it should be made so that there are severe penalties for anybody reading your mail without your consent, including employees in your email provider. It should also not be able to be used against you in court).
That they can read electronic mail (e.g if it's plaintext etc) easily is not a concern at all. One can easily walk into someone's house and steal things, but it's not allowed all the same.
Do you have expectation of security if you don't lock your house, then? I'll rephrase it this way - do you expect that no burglar will enter the premises just because there's a law that says that it's illegal to do so?
I didn't meant it's OK to sniff upon anyone's plaintext communications (although I'm unsure whenever prohibiting so is more of a good or bad thing, but let's leave this thought aside). I meant that it's just extremely unwise to expect that nobody but the intended recipient will read your envelopeless postcard. Especially because we know governments really have a thing for that.
>Do you have expectation of security if you don't lock your house, then?
Of course. And if that expectation is violated, if the culprit, if caught, will very much go to jail. And in some places you can have a go at him yourself.
>I'll rephrase it this way - do you expect that no burglar will enter the premises just because there's a law that says that it's illegal to do so?
No, but I don't care about that much.
I care about governments or corporations (e.g legal entities) going through our stuff, regularly, massively and legally. I want them to not be able to do it legally (and I want the law to try to enforce penalties if they try to bypass that).
As for random hackers and such, those are not a systematic threat.
That is, I'd like the same protections for my email that one has (or used to have) for his house: e.g no search without a warrant issued for a specific detailed reason. As for protection from burglars, I know how to lock my door, and even if I forget that, those people will be breaking the law and be held responsible by it.
That's effective known-to-be-working solution, though, and it's intended to prevent harm from occuring in the first place, not just repair from it by legal repercussions. We live in a world where policies are known to be violated every single day.
My point is, pre-Snowden US citizen believed their communications are private, because political solutions gave them false sense of security.
GCSB is the Government Communications Security Bureau of New Zealand[1]. There seem to be two bills[2], and the topic has been on HN several times, but never got many points[3].
[1] http://en.wikipedia.org/wiki/Government_Communications_Secur...
[2] https://news.ycombinator.com/item?id=5989010
[3] https://www.hnsearch.com/search#request/all&q=GCSB+bill