There is no doubt that New Zealand is being subject to mass surveillance. Probably not by our own government, but certainly by others as evidence from the Snowden affair has shown. New Zealand is uncomfortably bound into the Five Eyes agreement and unlikely to ever be allowed to leave. However, that protection comes at a cost to the privacy of the New Zealand citizen and a fledgling ICT Industry that deserves better.
As I have commented before, New Zealand has been the subject of surveillance by the Five Eyes and other nations for several decades. As technology has grown, spies have adapted tools to cater for it, in a leap frog where the surveillance is better than the security tools and vice versa. Right now, the security tools are slightly ahead and giving the spies some major headaches.
There are issues at the heart of this debate that have not been given enough time to be debated. The media is much more interested in Click Bait, instantaneous headlines that attract the mouse click and so the online advertising revenue, rather than in depth journalism.
The affect of all of this is twofold. The first being on the citizen of New Zealand going about your daily business and the second for the fledgling ICT Industry (and other industries for that matter).
As far as it goes for the personal citizen, the answer is relatively simple. Your privacy is your responsibility. Citizen’s need to educate themselves on how to ensure their own privacy. For those that care, then you can find a good guide written by yours truly here.
There is, a secondary thought, fueling the laziness of the average citizen, which says that we shouldn’t have to protect ourselves. I cry bullshit on this. One thing is absolutely certain, if you look the government to save you, then you are doomed. That is not government’s job, at this level, they are providing the surveillance in order to protect you, remember?
Now. Let’s look at the impact on industry, including ICT, in New Zealand. Most of which was born out of the “bend me over a barrel” laws passed last year with the help of Peter Dunne in order to, in my opinion, bolster the Five Eyes surveillance tools. A circus again, supported by Kim Dotcom and media that missed critical issues in favour of putting an international criminal against our Prime Minister. Opportunity lost.
The first thing is that the surveillance that goes on internationally actually has little to do with terrorism, although that is what we are taught. I sat on a panel with Bruce Ferguson and Paul Buchanan at NetHui last year and one of Paul’s comments was “Terrorism is the fig leaf on surveillance.” Or words to that affect. In other words, the vast majority of surveillance is NOT about protecting us from terrorists, it’s about something else.
That something else was exposed a few decades ago as information from ECHELON was used to gather highly sensitive information about an alternate bid, in a contract worth billions, that in the end, favoured a US company. The scene was set. ECHELON was not about chasing criminals, it was about gathering industrial and other information.
And so it has been proven via Snowden that the Five Eyes have been spying on a number of countries (Indonesia, Brazil, Germany, France, and others) NOT to alleviate criminality but to gather information on industry, negotiations, the likely outcome of government decisions (Timor), and so on.
Industry and ICT Lobby Leaders that I have spoken to today in New Zealand are angry that the Kim Dotcom circus has detracted from these facts. That our participation in the Five Eyes puts our industries at a distinct disadvantage. The New Zealand’s Government’s job is to protect this country. So why are they allowing our secrets to be taken across our industries?
Our Milk, Butter, and Meat industries are the backbone of our country. What is the New Zealand government doing to protect that intellectual property? Nothing. What about our genetic research? Our Crown owned research organisations? NIWA? The movie industry? Our private health information? Our governmental databases?
By allowing this mass surveillance to occur, the NZ Government is perpetrating the devaluing of our industry.
From an ICT Industry perspective, IP is crucial, the government should be providing protection at our borders, rather than allowing the US, the UK, Australia, and the like carte blanche access to our data.
So how do we deal with this? From an industry perspective, the answer is two-fold. First, we must understand that our government has absolutely no control over the degree of surveillance that the country is subject too. Second, we must accept that the government cannot help us in a global, interconnected, environment where we are choosing to buy services from offshore and onshore.
As government agencies and private ICT companies we must hen protect our own data. There are many ways to do this, with some examples being:
- Encrypt all data for an Cloud or local service where you are the only key holder. Any other method means that someone else ultimately has access to your date.
- Only protect what is important, if necessary, create a private, offline, encrypted storage area where the most sensitive information is stored.
- Do not use an telco based or shared service Cloud within New Zealand unless you can encrypt the data and hold the key. Everything else is open, thanks to TICS, PRISM, and the slew of other tools.
- When using international Cloud services, as well as encryption, consider upgrading to homomorphic encryption and choose the largest providers (Amazon) so you are lost in the crowd.
- The Department of Internal Affairs (separate from SIS, GCSB, and other spooks) has published a list of security providers that can help you. Consult with them. They are passionate and understand the need to protect IP and our data.
- Realise that our government (GCSB and SIS) can’t protect you, that they are effectively, a part of the problem. They have no control over this and neither does the Prime Minister. His communications are being hoovered up (with more attention I would have thought) just like the rest of us.
One of the things that makes industry leaders most upset is the squandered opportunity that storing data and computing workloads in New Zealand could have brought us. In other words, the theory being that because we are part of the Five Eyes, EVERYTHING is up for grabs and New Zealand is not a secure place to store data.
I’m calling bullshit again.
If our local Cloud Providers can assure customers that encryption can be implemented where ONLY the customer holds the key, then we still have that advantage. If that customer is off shore, so much the better, because they aren’t subject to local laws about giving up passwords. So local Cloud Providers need to get those services up and running ASAP.
Government cannot save you. They are in thrall to a decades old spy system that there is no escape from. We must protect ourselves. We must ensure our industries are secure.
It is imperative to understand that John Key, or Cunliffe, or any other party has absolutely no power to change these things. Otherwise, they would have. It doesn’t matter which party is in power, the result is the same.
Only you hold the key to your own privacy and personally owning more than one business based in New Zealand using offshore services, it is all protected, by the companies, at a cost, in order to protect privacy.
Like it or not, the days of the 1950’s are gone when we could leave our doors unlocked.
Finally, those who want to vote along these lines will find that Labour has a set of policies on the Digital Citizen, as do the Greens. No other parties have policy in this space. I’m not advocating it (I’m non-partisan). Quite frankly, I’ve been around long enough to figure out that even if they got in, rolling the international spying machine is almost impossible.
Protect. Your. Self.