Legislation on hacking might let spies do more than just look at your data, writes VERNON SMALL.
The country's spies may already be hacking into your computer to add, delete or change data, even before Parliament passes a law allowing them to do so.
The Crimes Amendment Bill (No 6), being considered by a select committee, will make computer hacking an offence for the first time. But the Security Intelligence Service or the police will be able to seek warrants to hack into computers.
The exemption has been well flagged, but what is not widely understood is that SIS personnel almost certainly believe they have the right not only to look at data but to change files to "achieve the purpose of the warrant," or to hide their trail once they have secretly hacked into a computer.
Prime Minister Helen Clark, the minister responsible for the SIS, has refused to directly confirm that agents can tamper with computer files.
Asked if they had that power now, she said: "Those executing a warrant are justified in taking any reasonable action necessarily involved in effecting an interception or seizure. For reasons of security I am not prepared to comment further."
She said the law change would not alter or add to the SIS's powers to hack into computers.
If agents do tamper with data, and not just view e-mails and files, it raises questions about the integrity of individuals' computer records and the reliability of electronic data used in evidence. It could also - says Green MP Keith Locke - result in citizens being "set up" by the SIS's changing files and leaving no trace.
In answer to those concerns, Helen Clark said anyone harmed by any act of the SIS could complain to the Inspector-General of Intelligence and Security.
But critics say that is a weak protection because those affected may never suspect the SIS was involved.
The issue of spies changing data once they have hacked into computers was raised by officials last year.
They advised Justice Minister Phil Goff that once the Crimes Amendment Bill became law, the SIS Act should also be changed to remove any legal risk to the service.
Part of the change they urged would have made explicit the power to modify data.
Drawing on Australian secret service legislation, they suggested wording which would allow an agent with a warrant to obtain access to documents stored in the target computer, "and if necessary to achieve that purpose or to conceal the fact that anything has been done under the warrant, adding, deleting, or altering other data in the target computer."
However, they warned that it might be better to leave well alone.
Helen Clark told the Herald that the officials' advice to change the SIS Act was not followed because no changes were necessary.
It was based on a misunderstanding and wrongly assumed a specific power was needed.
Rodney Harrison QC, who represented anti free-trade activist Aziz Choudry in a successful case against an SIS break-in, said agents probably did not have the legal right to change data to hide their hacking, but it was a moot point.
There was now an express power allowing them to cover their tracks when making a physical entry.
"The absence of any express power when they're hacking suggests that they don't have it."
He said it was depressing to see new invasions of privacy when the Bill of Rights and the Privacy Act were supposed to protect citizens.
Privacy Commissioner Bruce Slane, who believes no public case has been made for remote hacking by enforcement agencies, said it was probably inherent that a secret service would hide its tracks.
He has warned the Government that it could be exposed to enormous damages if agents harmed computer systems during hacking.
But where there was no damage, the only civil remedy might be a common-law tort of breach of privacy - something the courts had alluded to but never defined.
Mr Slane has described remote hacking by the police as "a pernicious secret policing practice [that] should not be allowed for ordinary law enforcement."
He told a select committee last week that he was also concerned at state agencies "trawling" or "browsing" for key words.
He suggested establishing an auditor to ensure compliance when a warrant did not lead to a prosecution, and urged the committee to add a requirement that individuals be told when their conversations or private mail had been read.
Feature: Privacy
Privacy Commissioner (NZ)
Electronic Privacy Information Centre (USA)
ACLU Echelon Watch (USA)
Cyber Rights and Liberties (UK)
Law raises fears of SIS set-ups
AdvertisementAdvertise with NZME.