<i>Editorial:</i> We need to check the state's hacking

E-mail has all the security of a postcard, they say, and it is best to treat it that way. But we can't. E-mail combines the precision of the printed word with the ease and speed of speech. It is an irresistible tool that is fast displacing other means of communication in commerce and social life. Sheer convenience can outweigh concerns for security.

Nevertheless, the law must see that privacy and security are preserved as far as possible. Legislation before Parliament is making an attempt to do just that. It aims to outlaw "hacking" - the electronic version of opening somebody else's mail - along with the wilful transmission of viruses and other forms of online vandalism.

But the Crimes Amendment Bill (No 6) is becoming more contentious for the exemptions it will give the police, the Security Intelligence Service and the Government Communications Security Bureau. With the permission of a judge, police will be permitted to intercept e-mail just as they can search somebody's home or tap a telephone. The SIS, charged with internal security, and the GCSB, which monitors external communications, will be able to obtain interception warrants from their minister, invariably the Prime Minister. That, too, is normal for them. But hacking is not like other forms of surveillance.

Internet service providers can demonstrate how easy it is to obtain a complete log of a person's e-mail and online behaviour. All it takes is a "black box" installed at the provider's control centre and the police or the security services could not only call up all messages made or received by their quarry but they would have, at their fingertips, access to the mailbox of any other interesting name on the provider's circuits.

Furthermore, the providers are able to open the mail, alter it and send to somebody else. If a black box gave investigating authorities the same facility, the temptations might be too much.

These possibilities are hardly comparable with ransacking a room or tapping a telephone. E-mail eavesdropping would not involve hit-or-miss methods and long hours of watching a building or listening to telephone recordings. The computer that logged the messages has the ability also to seek out suspicious terms and references, sift out the dross and present the investigator with a ready-made file.

Why should this matter? These are, after all, state investigators acting in the interests of public safety and national security. People who present no threat to either surely have nothing to fear. Why should the innocent care whether a snoop is keying into their mail? They should be glad, shouldn't they, that the technology can give more power to those who pursue criminals, spies and other enemies of the state?

The concern is that they will not limit their interest to people who truly present a threat to public order and security. There are probably very genuine cases in a society such as this. The danger is that the agencies charged with monitoring them will be constantly trying to broaden their net and operate by a much wider definition of "threat" than we might imagine. Is this a society that would condone the routine surveillance of radical Maori or wild Greens, for example?

E-mail users will be so vulnerable to official hacking that it should not be permitted simply on the approval of the Prime Minister. Like the police, the intelligence agencies should have to satisfy a court every time they think they need to open other people's mail.