Written By:
notices and features - Date published:
1:00 pm, July 16th, 2015 - 12 comments
Categories: human rights, law, police -
Tags: police, privacy, surveillance
I/S at No Right Turn…
Back in March, the Herald reported that the police were routinely demanding personal information from New Zealand companies – and receiving it – without any form of warrant or statutory authorisation. Now, the Privacy Commissioner has started tracking these demands:
The number of times agencies such as the Police and Inland Revenue receive personal data from a range of companies is to be revealed.
Companies that hand over the information – often without a warrant or the knowledge of the customer – will now be asked to provide a record of requests to the Office of the Privacy Commissioner, which will publish a record.
[…]Mr Edwards said his office has been working on a pilot transparency reporting project, and had found an initial group of agencies and stakeholders generally supportive.
“This year we intend to trial asking companies to keep a standardised record of requests for information from law enforcement agencies and to report this information to us. We will then publish this information.”
But while this is good news, and it will give some idea of who the police’s biggest targets are, it seems like a clumsy way to gather this information. Why not go to the source and ask the police? The obvious conclusion is because they have refused to cooperate. Secondly, while its great to have data on these demands for information, its not enough. To point out two examples, police can demand extremely intrusive personal information, such as phone and internet metadata, or even the content of messages themselves, using a production order, while Customs can seize your phone or laptop at the border, snarf its contents, and go through literally every aspect of your life. And neither even bothers to count how often these powers are used, let alone keep statistics on who they target and how often such searches are successful. If the Privacy Commissioner wants to start keeping tabs on state invasions of privacy, tracking the use of these two search powers would be a great start.
Ahhh, the NZ police – Hand puppets for their Tory masters – since – well, forever.
In some ways, it is the same old, same old from the police and their Tory masters. They been doing this type of invasion of opponents lives, ever working people went.
“Do we really need to put up with is shit?”
And the good news folks, us working people have been saying that for a very, very long time. All we need to do is raise our voices again – and the police and their Tory scum pay masters will roll over.
Why do you think they do this stuff? They are scared of you! They are scared you will start working together to over throw their corrupt, moral bereft edifice. They are scared, that you will wake up one morning and go.
“I don’t really have to put up with this shit”
Bodies receiving such requests ought to refuse them and then immediately inform the target of the request made for their data. That ought to get the police to desist from making illegal requests and making illegal threats.
Any company advertising such a policy would enjoy my custom as a matter of principle.
I’m curious as to why handing over personal data isn’t illegal, at least under the privacy act.
If the cops have enough grounds to compell the supply of the information, cool – maybe we just need to upgrade the systems so that the production orders and warrants are processed and served in a timely manner.
But if a police officer is requesting personal data from a telco, what protections are there that the data is being informally requested for legitimate purposes?
What auditing is done on the data to ensure that each informal request pertains to a specific case?
What controls are in place to ensure that the data isn’t copied or distributed to a third party, even if it’s part of a legitimate investigation?
Cops will just make up the grounds to compel surrender of data- like with N Hager.
There are no protections of your info because once you share it with the Telco/Westpac/Ware-whare etc it is no longer yours- any more than the money in your bank account is yours. Its not.
It’s legal for information to be disclosed under the privacy act if the agency holding the information reasonably believes that “that non-compliance [with the privacy act] is necessary … to avoid prejudice to the maintenance of the law…” (principle 11)
The police are apparently quoting this section of the privacy act as an enabler for them to freely request information held by companies. It probably is “reasonable” for companies to comply with these requests — as it is “reasonable” to believe the police when they tell you what their powers are and what the consequences for non-compliance are. The problem seems to be that the police are arguably bullshitting.
“What controls are in place to ensure that the data isn’t copied or distributed to a third party, even if it’s part of a legitimate investigation?”
If the police somehow obtain private information about an individual the police themselves then have to follow the rules in the privacy act as to what they can do with that information. The police meet the definition of “an agency” in the privacy act.
I guess what I’m thinking is whether there is auditing in place to ensure that a police officer doesn’t piggy-back a personal or moonlighting data search onto an investigation.
I know that would be illegal for the officer to do, but I’m more concerned with how it would be detected, especially if the requests were made over the phone after both parties got into a routine.
Basically, if they got the metadata on 7 cellphones as part of a case, how would it be detected if an eigth cellhone was added to the request and deleted from the .csv sheet that becomes part of the case? Say if an officer wanted to know who his new GF was talking to?
I guess my questions are basically towards the concept that trusting individuals with data is like trusting individuals with money: don’t. Even though most of them would be honest, good procedures ensure that the person is demonstrably innocent.
It probably is “reasonable” for companies to comply with these requests — as it is “reasonable” to believe the police when they tell you what their powers are and what the consequences for non-compliance are.
And just as “reasonable” to believe otherwise.
Not really. You’d be hard pressed to argue (in court say) that a company was acting unreasonably by believing a police description of police powers.
Doesn’t mean that police description of their powers is actually correct, of course.
What concerns me is the probability they’re collecting personal data on people that has no relevance whatsoever to the reason they are interested in them in the first place. For example, a protester standing quietly holding a placard and is in nobody’s way… hurls a few obscenities at a police officer who has just deliberately tripped him up for no reason other than he’s got a placard. So, the officer then decides to gather personal information on the protester to see if he can find anything he can hang on him. It’s happened many times I’m sure.
Sounds about right Anne.
I’m sure it happens alot more than the avg. public realise, even the diddles that say, comment that nothing to hide nothing to fear! one of the most stupid things to be ever said in this country since 2008!
Disgusting but not surprising. This country really doesn’t qualify as a democracy anymore.