Internet Surveillance Working Group Notes 23/03/01

The Internet Society of New Zealand
Crimes Amendment Bill #6
Submission Presentation Notes

1. Definitions are too broad and too narrow

• "interception devices" : interception does not depend on a device specifically built for the purpose; computer networks differ from telecommunications networks and require different approach
• interception duration: "intended recipient able to have access"' is ambiguous, and may not cover full duration.
• private communication: the exception is too broad. Anyone with a little knowledge of the technology would expect network traffic to be interceptable. We suggest only considered public if there is implicit or explicit consent for others to see it.

2. Interception as a routine part of network maintenance

• needs to apply to more than just ISPs
• network managers, network owners, have technical reasons to monitor traffic on their networks computer programmers use network monitoring for debugging

3. Right to encrypt

• encryption is increasingly used to obtain privacy on the Internet
• SSL encryption used for secure e-Commerce
• virtual private networks
• secure shell (for safe remote administration)

4. Other related areas not covered

• Denial of Service (DoS)
• viruses and trojans - possibly to be treated as willful damage

5. Use of intercepted information

• concerned that information captured remains secure, in New Zealand

6. Validity of evidence obtained

• packets can be forged
• where the traffic is intercepted is important
• a matter for the courts, but evidence gained needs to be weighed against the intrusion into privacy

©2001 The Internet Society of New Zealand
Last updated 23 March 2001