www.legislation.govt.nz/act/public/2018/0004/latest/DLM7039503.html?search=sw_096be8ed817c8ad5_password_25_se&p=1&sr=0
Travelers who refuse to surrender passwords, codes, encryption keys and other information enabling access to electronic devices could be fined up to $5,000 in New Zealand (about US$3,300), according to new customs rules that went into effect 1st Oct.
www.washingtonpost.com/news/morning-mix/wp/2018/10/02/new-zealands-digital-strip-searches-give-border-agents-your-device-passwords-or-risk-a-5000-fine/
Yeah... saw this last week.
Dodgy as f**k and a massive overreach.
A guy got caught up in it with medical/personal data and now needs to advise (clients & Govt) of a breach of GDPR Regs.
We have the same thing here... www.oaic.gov.au/privacy/notifiable-data-breaches/
Technically someone even seeing information that is not for them is a breach requiring notification.
Being on record with a notifiable data breach can be the death knell for your business... and for you personally.
Passwords for access to my stuff?? Hate to quote the NRA but "out of my cold dead hands"
Not really sure what the point of this is. If you are criminally inclined this would be a fairly easy regulation to get around. Firstly if travelling to NZ you don't take the phone or laptop you normally use but bring a phone that is disposable. Secondly once you've been forced to hand over all your authentication information, you get out of the airport and then change the information to something else. Thirdly more devices now can be authenticated with facial recognition. So just give the border guard goon a picture of your face & tell them this is how you authenticate.
So it will just get those who really do not have anything to hide, till they find out they did have something to hide, or those who don't care.
I don't really keep that much stuff on my phone though so it doesn't really matter. I refuse to put social media application on my phone as they are very invasive.
Secondly once you've been forced to hand over all your authentication information, you get out of the airport and then change the information to something else.
Too late by then... they've already changed it for you
How suspect is having a burner phone going to look? Practically begging for a lubed glove then...
Secondly once you've been forced to hand over all your authentication information, you get out of the airport and then change the information to something else.
Too late by then... they've already changed it for you
How suspect is having a burner phone going to look? Practically begging for a lubed glove then...
If they have changed your authentication info then you'd soon know.
Anyway in this day and age there are a myriad number of ways to keep information hidden. Public/private key encryption is pretty easy to do and these laws would not crack it. Also the mulititute of online services out there would allow communication between criminals without being detected.
The legislation to seize devices and demand access has been around in WA/Australia for quite some time, so it's nothing new. I love it when people get their knickers in a knot when their civil liberties were actually stripped a decade ago
In reality NZ Border Force are only going to use it to target persons suspected of having child exploitation material on their phones or people suspected of entering to work unlawfully on travel visas that will have emails and text messages regarding work on their phone. Both of which can go and get fooked, both in NZ and Australia.
It seems pretty unlikely the average tourist or business traveller will trigger 'reasonable grounds' to seize a device and demand access.
In reality NZ Border Force are only going to use it to target persons suspected of...
It seems pretty unlikely the average tourist or business traveller will trigger 'reasonable grounds' to seize a device and demand access.
Yes it has been around a while... but... it was actually reserved for the "proper" purposes... so Joe Q Public wasn't strictly aware of it.
But then the goal posts moved...
"In reality Border Force are only going to use it to target persons suspected of..." dissent, "objectionable views", BF Guard having a bad day etc etc etc
'reasonable grounds' starts out as just the hard core crims, the kiddie fiddlers, immigration workers... then becomes everyone who disagrees with whatever the current trend on opinion is.
If they have changed your authentication info then you'd soon know.
Anyway in this day and age there are a myriad number of ways to keep information hidden. Public/private key encryption is pretty easy to do and these laws would not crack it. Also the mulititute of online services out there would allow communication between criminals without being detected.
Yes you would... but you now don't own that new authentication do you...
And given that most people have linked authentications via SSO (facebook, AppleID, Various flavours of whatever Microsofts calling their version this week) they now have access to everything else.
And your using your phone for 2FA? They can keep that so 2FA doesn't stop them.
Using encryption doesn't help you as you are required to provide the access to that as well.
As you say... real crims are savvy to how to get around this (burners, no social, no SSO), so who exactly is this targeted at?
I've spoken to Borderforce staff here and if NZ is the same they don't have the staff to waste time doing random, targeted, unlawful searches of people and their devices without reasonable suspicion.
Lots of crooks are stupid as well. They're the low hanging fruit that do travel with laptops and phones with half a million kiddie porn images on them or messages they haven't deleted from WhatsApp. Never underestimate how stupid people can be.
The real crims, if they're dumb enough to travel with a device containing evidence that will send them to prison for a while will most likely choose the $5,000 fine and deportation rather than hand over their password. Call it a cost-benefit analysis.
Well NZ needs to catch up with more progressive countries like Australia that have already stripped civil liberties and have provision to demand access to devices
But to be fair, the power to demand access is riddled with legislate requirements and not easy to effect on the spot.
Huh. Did they?
There are plenty of Acts that state "on reasonable grounds"or "reasonable suspicion" so why do you think this particular one will be abused? A BF worker having a sh!tty day would never result in a lawful search. So they'd lose their job. So they won'tdo it.
That seesm to be the case so far in the last 200 years with Customs, cops, federal cops, Fisheries, quarantine etc etc all able to search based on "reasonable" grounds.
Your argument might have merit if we had seen eroding of the status quo in those other examples, but we have not.
As to what Apple etc think - they can get stiffed, as data access orders happen every day against druggies and kiddie fiddlers in many countries.
And rightly so.
^^^ How is this relevant?
Law allows for law enforcement agencies to demand access (via password / PIN) aphone or USB etc seized from a pedo ata search warrant at his house. You have told us how much you hate pedos in the religious thread.
So if a pedo flies into NZ, now they can ask for his passwords to check his phone and laptop etc- if he refuses he is fined $5K and chucked out of the country.
Is that a bad thing?
And yeah it might help with terrorists too. But you can hardly discount the value of such legislation based simply upon how you the think post-9/11 security stuff is over-reach
Yah?
Huh. Did they?
There are plenty of Acts that state "on reasonable grounds"or "reasonable suspicion" so why do you think this particular one will be abused? A BF worker having a sh!tty day would never result in a lawful search. So they'd lose their job. So they won'tdo it.
That seesm to be the case so far in the last 200 years with Customs, cops, federal cops, Fisheries, quarantine etc etc all able to search based on "reasonable" grounds.
Your argument might have merit if we had seen eroding of the status quo in those other examples, but we have not.
Mark... I would love to live in your world where no one in authority was corruptible and didn't abuse their position or power, on reasonable grounds.
It must be nice... having obviously never happened, once, in the last 200 years. (seabreeze needs a rolling eyes emoji)
^^ you are confusing where the cops ask Apple"who owns this phone cos we found it" (a billion times)
and a data access order where a warrant issued by a magistrate or JPs says the owner of the (seized) device has to give the PIN to the cops as it contains evidence of unlawful activity (not so much)
Big difference.
Do you disagree with cops being allowed to access the phone of a pedo seized at his house under warrant, the same as they can require the code to the safe at a drug dealers house when at a search warrant?
As to your belief there must be heaps of examples of unreasonable access- well, this is tested in every single court case, if it was unreasonable the guy would get off.
just like the cops needing reasonable grounds to pat search- reasonable grounds to demand somebody's name- reasonable grounds to get a search warrant.
Like I said, its no different and if they abuse it they will lose it (and be sacked)
^^ you are confusing where the cops ask Apple"who owns this phone cos we found it" (a billion times)
and a data access order where a warrant issued by a magistrate or JPs says the owner of the (seized) device has to give the PIN to the cops as it contains evidence of unlawful activity (not so much)
Big difference.
I'll tackle this over a couple of posts.
Re Apple data requests.
Not confusing at all.
Govt asks apple because a person is not legally obligated to provide the password (except in NZ). Ie the owner refuses so the Govt asked the provider.
There is no reporting of all the requests to unlock - as there is not a requiremnt to do so... except in NZ.
As for the number of requests to Apple... use these as the tip of the pyramid... For every request that got court authority to request, how many applications were rejected by judicial oversight. And then how many before that where a case didnt have enough to proceed to get a court order... and before that where charges weren't even laid...and before that where the supervisor on site deemed nothing to raise and before that where the front line guy had 'reasonable suspicion' and intercepted the owner requesting access...
That 717 figure where actual data was released includes some requests where the owners are not notified.
All the other tables, Apple provides metadata or just the details if the owner.
Ie a very small amount of very specific data.
^Remember this line for the next post.
^^^^ we are talking about different things perhaps. I am talking about PIN or password to unlock - which the manufacturer does not supply, but under a data access order the owner has to provide.
You say a person is not legally obliged to provide (except in NZ).
Yes they are, if a warrant is sought to access their device. Happens all the time. IE a magistrate is happy there are reasonable grounds to inspect the device, issues warrant / access order and the owner has to provide their PIN to the cops.
The NZ legislation is a step up from that so I can understand the concern, but its simply saying if you want to enter and they have some info that you are organised crime or a pedo etc (ie reasonable suspicion) - let us look thru your phone and laptop or you aren't coming in.
^^^^ we are talking about different things perhaps. I am talking about PIN or password to unlock - which the manufacturer does not supply, but under a data access order the owner has to provide.
You say a person is not legally obliged to provide (except in NZ).
Yes they are, if a warrant is sought to access their device. Happens all the time. IE a magistrate is happy there are reasonable grounds to inspect the device, issues warrant / access order and the owner has to provide their PIN to the cops.
The NZ legislation is a step up from that so I can understand the concern, but its simply saying if you want to enter and they have some info that you are organised crime or a pedo etc (ie reasonable suspicion) - let us look thru your phone and laptop or you aren't coming in.
Now you're getting there...
A person is not obliged to provide access unless a magistrate is happy there are reasonable grounds to inspect the device, issues warrant / access order and the owner has to provide their PIN to the cops.
NZ have gone from ^that^ process to - A pissed off CA deciding that you look like a paedo (you know, like Elon Musk does) and requesting access to your devices, remembering now - that refusal to provide access constitutes "reasonable grounds" in and of itself - so your done.
Simple Hypothetical... (before I start on the other stuff)
The night before you travel to NZ; after a few sherberts, you got a little freaky with your missus and decided that taking some snapshots on your phone would add to the occasion. Totally legal and above board (but your missus is way kinkier than I thought ).
These are the first pics visible if someone opens your pic history... which you remember just as the NZ CA casually asks to look at your phone...
Do you :
a) Open the phone up for him and look him right in the eye and hold your hand up for a high 5?
b) Open the phone hoping he doesn't see what you did last night (you cant even believe what you did that last night, yet, here's the proof - in full HD retina display)
c) Mumble to him that you don't think it would be a good idea to give him that access? As your wife is staring at you wishing she hadn't suggested this ******* holiday in the first place.
Now...
There would be a small number that would go for
A) "Yeah That's right... see our love with your own eyes Mr Customs Man - what is seen, cannot be unseen!"
Some would go for:
B) and leave NZ via a different port, 'cause you cant risk seeing that look on the CAs face again when you fly home.
But if like the vast majority of sane normal human beings, you went for:
C)...but guess what?? CA now has "reasonable grounds", you owe NZ $5k... and you've lost the phone... and a good chance those pics will end up on some dodgy website after the Customs servers are hacked one day... and worst things of all - you aint ever getting to do that again with your missus.
(I know you picked A Mark)
Ie a very small amount of very specific data.
^Remember this line for the next post.
The above hypothetical scenario was clearly a contrived example to make a point. ( It may have been based on fact, who knows right)
So for a Real Scenario:
Person A, by virtue of the type of work he/she does (IT Administrator/ technician for a company providing IT services) has unfettered access to multiple companies systems via their phone or laptop. They need to travel for work.
Rule 1 of IT security - if you do not physically have the unlocked device - ALL systems that the device had access too are now considered compromised.
Once that device you've unlocked and handed over for NZ CA (because he really really thinks you look dodgy) - and especially if its taken away - You have no idea what has been done to it, installed on it etc.
In Australia, we have the NDB
www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
In Europe, GDPR.
It doesn't matter where else in the world you are - if you have, or have access to, personal data from the base country - you are covered by the legislation.
So, once that unlocked device is no longer under your control - you now have a Notifiable Breach.
Congratulations... you now have to notify the Government, and all people potentially affected by the breach that the device had access to.
Now... maybe... you could argue that Person A shouldn't be carrying a device that has that kind of access, he is crossing borders etc so put it all in The Cloud and carry a burner laptop/phone... except some companies don't/wont/cant/ store their data in the cloud.
Me, I prefer the "If you think you have reasonable grounds to access my stuff and by extension everyone else who is linked via that device - get yourself a warrant and then we'll talk." approach... The one that's been in place since the Magna Carta was signed.
A BF worker having a sh!tty day would never result in a lawful search. So they'd lose their job. So they won'tdo it.
just like the cops needing reasonable grounds to pat search- reasonable grounds to demand somebody's name- reasonable grounds to get a search warrant.
Like I said, its no different and if they abuse it they will lose it (and be sacked)
For anyone who has travelled internationally - you know to NEVER argue with Customs and Immigration. (Although I have**)
An history shows that for anyone who is a minority - you know to NEVER argue with the Badge and Gun.
The power differential between you, and Whoever Has The Badge, is to all intents and purposes insurmountable.
Who is going to be believed? - the person just going about their day - or the Upholder of Law and Order (who just might lose their jobs)
There is umpteen enough cases here and worldwide (and still happening) where the police/customs/govt have been caught out abusing their position and power that actual laws get put in place to stop it - why are laws put in place to stop something that you say isn't happening?
Actual Scenario
**Coming back home to UK from my weekly trip to Rotterdam for work.
Easyjet flight delayed 2 hours. It 9PM, 70hrs in 5 days, I'm tired and still have a 2hr drive to do.
Customs guy pings my Aussie accent (reasonable suspicion alert?) and sees foreign passport.
CA Checks Visa.
CA "Where is your wife?"
Me "At home"
CA "What is she doing at home?"
Me (Thinking WTF? how would I know, probably asleep by now anyway)
Me "I have no idea... I'm not there... I'm here"
CA "Why is she at home?"
Me "Ummm because that's where we live?"
CA Gets all huffy and says I cant come into the UK today. As he's reaching to stamp a "Denied Entry" in my passport...
Me "WTF are you on about mate? I'm into year 3 of a 4 year visa, I've been travelling in and out weekly for the last 6 months without issue. "What is wrong with tonight?"
CA "You're wife is at home"
Me "and???"
CA "You're wife... is at home!" (Like saying it louder and with dramatic pause would make it clearer)
Me "Get your supervisor."
CA "Move aside so we can process other passengers"
Me "Yeah, Nah, Get your supervisor. I'm in the queue." (Pulling the quintessential British Queue move on him, it pays to assimilate )
Supervisor comes over and asks what's going on... can you guess who he is believing?? At first..
CA "His wife is at home. Visa states "Must be Accompanied By Wife", there is no wife, he is denied entry."
SCA to me "Well? If your wife is not here you will be denied entry"
Me: "Ha! Hows about you read the whole Visa page..."
SCA "Visa states "Must be Accompanied By Wife... on first visit"
SCA looks up at me and then turns to CA and asks in very clipped tones "What are you doing?" and flipped him upside the head!!!
SCA turns to me and apologises profusely...
SCA "On your way sir, have nice drive home to your wife."
Similar thing happened to my wife coming back in one day, me & my sister in law got checked through OK, wife held up as the visa was deemed fake - luckily for her, we had ours to show they were in fact legit.
And allllll this for something as simple as for the wording on a visa!
If the same thing happened in NZ today, I'd be out of pocket $5k and not have a phone...
Now I'll grant you my evidence in this case is anecdotal (and yes, I did get a bit stroppy, which obviously never helps)
But yeah Mark...
Those in power may just abuse it if they really really believe they are right about something.
I'd be stunned if the first line BF staff have any capacity to carry a data access order right through to a prosecution, $5,000 fine and refusal to enter without having to satisfy to a senior supervisor.
Agencies like BF, police and Immigration don't know how to employ that sort of legislation without fooking it up with a ream of paperwork.
Rod- simple version
If you look dodgy at Customs they can search you.
If a Police Officer on the street has a bit more than that- reasonable suspicion you have drugs or weaponsor stolen property etc- they can search you.
See the difference there? They need that little bit more on the street. Right- so what this is, is when that little bit more exists like a warning on the traveller that they are a pedo, Customs can demand to look thru their phone. They already are looking thru their baggage as that can be random. This is when they have that little bit more.
That is nothing like the error in reading your visa that you quoted- it is just common sense that in a digital world going thru a bag is not a complete search really is it...
And your example of elevating it to the supervisor is quite a great example of if a mistake is made they apologise and you move along. You would not be $5K out of pocket and missing a phone.
I can't believe anyone would be against the ability to go thru electronic devices IF the reasonable suspicion exists. Not a whim, npt cos he's coloured, not cos they are having a bad day- they need to have suspicion of a pedo, terrorist or druggie
You get to choose who comes into your house, NZ gets to choose who comes into their country. If we let in somebody who had a pedo warning on them as "we couldn't do anything at the airport" and your kid was abused by him, you'd not be in such opposition to this I fear....
I can't believe anyone would be against the ability to go thru electronic devices IF the reasonable suspicion exists. Not a whim, npt cos he's coloured, not cos they are having a bad day- they need to have suspicion of a pedo, terrorist or druggie
What's reasonable Mark? The entire reason its worded like that is to cover all possible options.
Its designed to not be prescriptive.
IF! If there is a court sanctioned request - I have no issue at all with it. This is how its been for a very long time... and served us well.
Its clearly reasonable to you that we all just reverse in with our arses lubed and all our data available to whoever asks - because the tiny, bordering on Infinitesimal, edge case possibility of catching a crim is worth us doing that. 717 in 1.3 billion.
In the Visa case I described, it was cut and dry. Had I not been overtired, pissed off, and just said Yes Masser. I may well have been on a plane back to Rotterdam.
I knew I was not in breach of immigration rules. In this case I was lucky as I had the actual paperwork right there to prove it.
I know I'm not a paedo, druggie, terrorist... but how exactly do you prove the absence of something? (Religion has had a good crack at it)
So fine... lets run with your ideal of those in power wont ever abuse it... there is always just plain old incompetence (as in the visa example)
Should we allow full access to all of peoples (and extended relations) data be available because the border official cant read passed the first 4 words of a visa?
That is nothing like the error in reading your visa that you quoted- it is just common sense that in a digital world going thru a bag is not a complete search really is it...
Where does the search stop?
Its digital... it could be on my phone, in the cloud, on a hard drive at my house, copies on floppies in a safety deposit box in a Swiss bank vault.
What a load of rubbish
There is a bloody long list already of what cops, fisheries, local Govt, etc etc can do with "reasonable suspicion" or on "reasonable grounds"
You ask "whats reasonable" - well, the "reasonable man's belief" test has been in law for 200 years. It is subject to plenty of oversight
ie: if you got searched and it was not reasonable, in Court the authorities lose and some guy loses his job. Is that not good enough a backstop..?
The list of search /entry to premises that can be done without warrant is pretty long too.
What a load of rubbish
There is a bloody long list already of what cops, fisheries, local Govt, etc etc can do with "reasonable suspicion" or on "reasonable grounds"
You ask "whats reasonable" - well, the "reasonable man's belief" test has been in law for 200 years. It is subject to plenty of oversight
ie: if you got searched and it was not reasonable, in Court the authorities lose and some guy loses his job. Is that not good enough a backstop..?
The list of search /entry to premises that can be done without warrant is pretty long too.
What part is Rubbish?
Fisheries, yes they have power of warrantless search and seizure - but that is still limited to the boat/car while in use. They may not enter your private dwelling without warrant and they may not search beyond the scope of the fisheries act. ie cannot search your photo albums, your friends photo albums, bank statements, emails, messages etc
As for the others... they are all still generally limited to the scope of the department they work for.
The issue is not that the Govt can ultimately access the information, its that they can now do it without oversight and extend that search way beyond what is required for the task of Customs/Immigration control, by virtue that the device is linked to so many other parts of your life - which ordinarily would be beyond warrantless searches. (Why do you think they want this power in the first place??)
Its too late for the control of your (and people linked to you) information to go to court afterwards and get the sorry we were wrong.
The information has already been compromised.
This access to private information... just for driverless cars!
mobile.abc.net.au/news/2018-10-21/privacy-fears-driverless-cars-transport-inquiry-qld/10400012
The OIC warns that "privacy breaches can have devastating consequences for individuals, for example, the tracking and location of a domestic violence victim". It also cautions that personal information could be exploited for commercial purposes and calls for "appropriate legislative constraints" on how law enforcement agencies can access the data.
Loosing your job.. woop de do - it isn't the end of the world... there is more than 1 job out there...
What part is Rubbish?
Loosing your job.. woop de do - it isn't the end of the world... there is more than 1 job out there...
The fact you think this is a major problem or a big step up from what we have. Thats what is rubbish
OK analogy:
If cops suspect you have a weapon out in public (on reasonable grounds)- they can stop you in the street and search you.
If Fisheries suspect on reasonable grounds you have undersized fish/crays etc - they can stop and search you.
If quarantine suspect on reasonable grounds that you have fruit n veg in your car entering WA- they can search you
If Firies suspect that entry to a certain area may risk life or property during a fire ......and again, guess what , their suspicion is on- wait for it -reasonable grounds- they can close a road or area to the public
So how is this different? If you fly into NZ and NOT BECAUSE THEY READ YOUR VISA WRONG but if they have reasonable grounds to suspect you are a pedo, terrorist or drug dealer than can go thru your phone and laptop.
FFS its not a big deal.
I think your negative view of the legislation is due to one bad experience with a wanker of a BF guard but it is not relevant mate. Its like saying cops should not have the power to search a druggie because once a cop gave u a ticket and he was rude and a bit dumb. (likely for traffic cops)
Even if you disagree with all of it- same as entry to your house, you choose who comes in. If NZ wants to do this - well, its their house.