Privacy Commissioner John Edwards had some influence over the drafting of the legislation and said he was "pretty comfortable" with where the law stood...
"You know when you come into the country that you can be asked to open your suitcase and that a Customs officer can look at everything in there."
Evidently, severe brain damage is no hindrance to securing a commissioner's appointment in New Zealand.
Please don't post personal attacks to HN. If you don't owe better to the Privacy Commissioner of New Zealand, you at least owe it to this community not to degrade it like that.
Also, in the case that your view is correct, stooping that low discredits the truth. That's bad for everybody.
You're quite right. I had regrets after posting that knee-jerk comment. Oddly, my dissatisfaction is heightened by the ridiculous number of upvotes I received from that post. I shall strive to improve.
Devil’s advocate: what _is_ wrong with that logic? If we accept that customs can search our persons or luggage as a condition of our entering a given country, what is it about digital materials that makes them off limits?
I store information on my phone like my private thoughts, because I know that it’s an encrypted, secured device I always have with me. I wouldn’t store that information on paper — the best analogy is that it’s a backup of parts of my brain.
When you go through customs, they can’t just search your brain. They can search your possessions, but they can’t mind dump you.
That’s the critical distinction. It’s not my property that’s the problem. It’s that it’s an extension of my brain.
Because there is a HUGE difference between the contents of your luggage (some clothes, maybe some souvenirs, etc.) and all of your digital accounts (personal pictures, credit card numbers, access to banking, home address, etc.) I don't really care if the TSA look at my underwear, but I don't want anyone, especially low level employees, having access to every single aspect of my life.
Historically, your luggage would contain personal pictures, credit card numbers, general banking statements, generally personal information, etc. The medium in which this information is stored and carried around has changed.
The need to inspect what you're bringing into the country has not.
These processes didn't originally come about because people wanted to inspect your 5 different pairs of underwear or what personal devices are exploring where the sun don't shine. The people decrying this as some sort of over reach are basically just admitting ignorance to the fact that these processes are just lagging behind how people actually carry and transmit the same information they've been inspecting for nearly a century. It's just a small update to continue doing what border patrol has always been doing.
What's actually problematic is the there's so much information housed together on one device. In border patrol/guard/police in customs/etc attempt to, again, continue doing what they've always been doing that particular advance in policy and process has incidentally lead them at the forefront of a lot of information people used to either keep in their homes or just in their head.
Personally I think this more of a data organization problem than it is a government over reach one. It definitely needs to be discussed. It doesn't need to include tired cries of a 1984-esque future.
I don’t think that’s true, people weren’t carrying around every photo they ever took, and even then they took a lot less photos. People did not carry around all their banking statements all the time, etc. It’s an order of magnitude problem; yes, sometimes, people carried around those things and their diaries or whatnot, but this is more akin to giving the people the keys to your house, so they can make a perfect copy of to rummage through at their hearts content and find everything in it, and then wiretap your house.
This process came about because the public hasn’t demanded privacy protections as much as it has demanded safety, not out of any logical extension for existing policies.
Basically I don’t think that this logically extends from suitcases to full phone access in the same way I don’t think that the right to bear arms allows you to train and arm a private army with tanks and fighter jets. At some point, it stops being a logical extension of a rule and starts being of a different kind due to changes in magnitude.
Here, a country may be concerned about objects being physically brought into their country, but to be concerned about a persons digital life is a concern of a different kind, because of the scope of that search. It’s not a logical extension in the minds of most people who understand that magnitude of difference. I really hope I can convince you too!
I don’t think that border patrol was (in any meaningful numbers) catching financial crimes because people brought their bank accounts or private letters across borders. I really do not buy that this is a necessary step to fight crime at all (if it were, where are the unsolved crimes? What tragedies would have been prevented?) I think this was catching people moving cash/drugs/weapons off the grid and it can still function in that capacity without forcing digital searches.
Instead, this just grossly invades the privacy of tourists who don’t think to bring a burner phone.
>Basically I don’t think that this logically extends from suitcases to full phone access
I get that you don't think that is the case, but you're not really explaining why you believe so.
> but to be concerned about a persons digital life is a concern of a different kind
But as I said, they're just inspecting the same thing they've always been inspecting. The medium is different and it incidentally happens to be housed with a bunch of different data that historically was kept separate, purely for technological reasons.
You're implying that the cause here is "concern over a person's digital life" but you present no statement or proof that's what these policies are actually aimed at. I think it's fairly obvious that it's a simple reconfiguration of a policy to adapt to changing habits. And if it's not obvious I think the statements from government agencies explaining these policy changes shed further light on why it's being done. But you need to have a reason you believe this to not be the case. It can't just be.
Let's review some statements that hit on some of the above points:
>Individuals entering Canada who are concerned about how this policy might be applied may wish to exercise caution by either limiting the devices they travel with or removing sensitive personal information from devices that could be searched. Another potential measure is to store it on a secure device in Canada or in a secure cloud which would allow you to retrieve it securely once you arrive at your destination.
>Customs’ interest in relation to digital files is in the following enforcement areas:
> * Intercepting prohibited or restricted items
> * Identifying infringements of intellectual property rights
From page 64:
>Our Act does enable us to enforce the law in relation to the following prohibited goods when
they are in a digital format:
> * Objectionable material and images – “objectionable” has a very broad definition under
the Films, Videos, and Publications Classification Act 1993, and can capture material
ranging from violent or degrading sexual images to material that encourages criminal
acts or terrorism
> * Designs for weapons or for other items of potential military use
> * Designs and blueprints for making nuclear, biological, chemical or radiological
weapons.
Pretty far away from "concerns about a person's digital life."
>in the same way I don’t think that the right to bear arms allows you to train and arm a private army with tanks and fighter jets.
This analogy in no way is relevant to data organization and transmission. It's pretty hyperbolic and distracts from any point you are trying to make.
Let’s for the sake of argument assume that the governments stated reasons are what they are going after.
Is the off chance that someone carries objectionable pornography, designs for nuclear or chemical weapons on their personal phone (instead of emailing them encrypted, or following the state’s own guidelines on how to avoid being searched) worth the ability to search everyone’s personal phone without some kind of judicial oversight? How many people are estimated to be doing so? How many people did they used to catch via the old papers method but cannot anymore? The burden of proof should be on the state who wants to infringe on the privacy of travelers.
I mean, to me the fact that they acknowledge that anyone serious about privacy can take measures to circumvent it pretty much blows the story that this will be effective at catching people smuggling weapons designs or other serious crimes out of the water.
>This analogy in no way is relevant to data organization and transmission. It's pretty hyperbolic and distracts from any point you are trying to make.
I’m trying to make the case that clearly magnitude affects whether or not something is a reasonable extension, perhaps poorly. But you’ll surely concede that doing something at increased scale often changes the nature of that thing? And that’s what I’m saying here, you aren’t just giving away what would have been in your suitcase, you are giving away the keys to your house, car, mailbox, safety deposit box, diary and family photo album. That means it changes the nature of the request, and can’t be considered along the same lines as a suitcase.
>Let’s for the sake of argument assume that the governments stated reasons are what they are going after.
Okay but there's no "sake" about, that's literally what we are trying to establish. If you don't believe that a logical progression of existing laws and processes into new mediums is there reason why these policy changes are taking place, contrary to basic reasoning and explicit statements from these governments while pushing for these changes, you have to have an actual reason why you believe this not to be the case.
>I mean, to me the fact that they acknowledge that anyone serious about privacy can take measures to circumvent it pretty much blows the story that this will be effective at catching people smuggling weapons designs or other serious crimes out of the water.
There are plenty of ways to get away with murder but that doesn't mean we take it off the law books because of its efficacy. That's a really silly view point.
>But you’ll surely concede that doing something at increased scale often changes the nature of that thing?
As I said in my original post, it's worth discussing and certainly worth finding a solution too. But the particular governments we're talking about have well stated reasons for their policy changes, they aren't doing it to be draconian. We all started clumping our data together. Governments didn't increase the scope of what they were looking for.
>That means it changes the nature of the request, and can’t be considered along the same lines as a suitcase.
But that's exactly what it is. There's a reason we have have "files" and "folders" as basic user data organization schemes. Border policies haven't actually changed in any of dramatic fashion. Again we just started storing more data by other data, data they were already inspecting. You might argue that this little fact is the basis for why the policy should be changed, but you have to actually argue it.
If you bring a suitcase full of bananas in to Australia, customs will take them and detroy them, and probably prosecute you.
If you bring an electronic device in to Australia full of 0s and 1s that can be decoded to display as pictures of bananas, customs will just think your a bananaphile and shuffle you along.
Digital goods are fundamentally different.
You can’t cross the border, buy a suitcase, then download a bunch of bananas to fill it.
You can cross the border, buy a phone, then download instructions from your terrorist boss.
Whatever else these digital searches are I don’t know, but they’re certainly ham fisted to the point of embarrassment for the agents and agencies.
This is a classic case of a law that will only effect your average (law-abiding) citizen.
If you have something to hide, it would be trivial to store it on a web storage service that those searching you would have no way of knowing you possess (how would they know you have an account on some obscure storage platform that you paid for with monero? Or even just information stored in S3, they would need a list of all users linked to passport numbers for every service available around the world, since if they don't block VPNs you'll just use a service not available in NZ). So you wouldn't have it physically on your device, but you would be able to access it just as easily in 2018.
Or a free solution would be a noise.raw file that is actually an encrypted volume (many encryption formats are indistinguishable from random data).
they would need a list of all users linked to passport numbers for every service available around the world
At this rate, I wouldn't be surprised if in a few years, a person needs to punch in their SSN (or the equivalent in whichever country we are talking about) simply to access the internet and any service on the internet.
But for today's case - this is just security theater. Just a reminder to average Joe that he can be harassed anytime.
I'm pretty sure it's extremely import to inspect what people are bringing into the country. Besides the financial... tools that people can bring into a country there's a whole host of other items that can negatively impact the country, and not just from a social aspect:
* Invasive species. This includes plants, not just animals.
* Drugs
* In times of known or potential epidemics, screening people for obvious sickness.
* Weapons or tools that could be used for the purposes of terrorism.
Why would you say that there's no reason to inspect what people are bringing into your country?
1) All of those also apply to inter-region travel within the same country. Should those have guarded borders too? Shouldn't there be guarded borders between neighborhoods in the same city, just to make sure that nothing bad spreads? Hell, why not run around "inspecting" people's houses at random, just in case?
2) None of those are digital, so your earlier justification is moot anyway.
I'm well aware none of those are digital. That was exactly the point, to provide reasons outside the scope of the current conversation, since it's clearly being debated in this thread. I don't think you can really debate the above reasons therefore there is absolutely a need to search you as a person and your belongings when crossing a border.
As to your first statement, ignoring how disingenuous it is, if those standards did have a reasonable justification for applying them to inter-regional travel the fact that we do not apply those policies to inter-regional travel does not negate the justification for applying those policies on the international border. It's not binary.
> As to your first statement, ignoring how disingenuous it is, if those standards did have a reasonable justification for applying them to inter-regional travel the fact that we do not apply those policies to inter-regional travel does not negate the justification for applying those policies on the international border. It's not binary.
So what is that justifying difference that you seem to think exists?
National sovereignty, which historically simplifies to war-time allegiance. This is a common classification for governments of nation-states imposing travel restrictions. Are you asking if it's justified?
+ My communications with significant others which may be of various degrees of sfw
+ My work files, including proprietary or secret information
Any of those things would absolutely require a warrant, and may even require a specialized warrant in some cases (communications with my lawyer, health information).
This is a nuanced topic (border security), and while I think there's slippery slopes (and their associated fallacies) in both directions, it is true to say that you are very free to share none of those things with border security, and border security is very free to not admit you to the country.
In most countries, border security isn't entirely free to run rampant over your basic freedoms. Privileged communications (eg client/attorney) is an extremely important basic bastion of freedom and law, and violating that (which in this case seems incidental, not intentional) is a mockery.
Sure, any country is welcome to violate that norm, just the same as any country is welcome to force it's people in labor camps for insulting Dearest Leader. The rest of the world is also welcome to respond appropriately.
An equivalent example would be giving customs permission to search something private and located somewhere else, such as your house, simply because you're entering the country. This is an obvious and disgusting overreach of authority.
IMO it's the breadth and depth that is possible with our digital property. It's one thing to search the digital equivalent of some luggage (maybe the contents of a cellphone) and another thing entirely to be able to search through the entirety of one's digital property, which I see as the digital equivalent of authorities searching through your home, your car, and any other property you might own.
Digital Materials are an extension of your brain, a window into your files, a key to your bank account and safe deposit box. The government doesn't get to access those, the shouldn't get to access my phone?
The problem is, `/docs/plan-to-hijack-airnz-plane.txt` can easily be downloaded from the cloud once you're in-country, so you can just not keep it on your phone. This is a significant difference compared to bring in explosives (as an example), where searching your luggage would actually be effective.
Again, this law will primarily inconvenience / harm law-abiding folks, while not preventing the "bad guys" from doing what they want.
Primarily because you are not preinformed for the search. There is an expectation that your luggage may be searched, hence you dont put your favorute fetish items if you are easily embarrased. Most people don’t expect to have their sexting history searched (and possibly easily copied). Even if it has become legal, it is not a widely known practice, which means that in practice it violates human rights. Someone should take this to court, even if the only gain to be expected is Making it widely known, and -hopefully- people will stop voting to enable these authoritarian practices.
difference is that if they keep something from my suitcase, I will know. I have no such guarantees when they access my phone unless I see what they are doing.
That means, that you should expect your device and all access tokens on that device compromised.
I mean, they could cut copies of any keys you have on you, so you don't really have any guarantees there either, and you should therefore expect your locks to be compromised. Or they could photocopy any paper documents, etc.
I find it fine for them to require looking through digital material. The problem they have is that the digital material is complete nonsense without also having a password to decrypt it with. What should be off-limit to law enforcement in general are the secrets we keep in our memory.
Some material that can be stored on your phone is not permitted into New Zealand, like child pornography.
If you had that stored in your suitcase, it can be discovered, and a prosecution started.
If you had that stored in your phone, it can be discovered, and a prosecution started.
Phones aren't magical parts of your brain, that can cross borders without being inspected. There's no digital 'diplomatic pouch'. Just because there's lots of sensitive goodies inside doesn't mean it's immune to inspection. Why would it?
There is a digital diplomatic pouch though, it's called "the cloud". Anyone that wants to smuggle illegal bits and bytes into a country can simply do it over the Internet.
The reality is, nothing on your phone can cause actual danger to anyone in the way that guns or a bomb can.
So you have two ways getting illegal contents into a country. Instead of preventing both measures (which is what governments are trying to do [1]), you are suggesting ignoring one of the ways because the other way currently works?
The whole point of the customs and laws is to prevent any sort of measures to getting illegal contents into the country, either physically or via the cloud. Just because it is currently possible to do it via the cloud, does not mean the customs should give up checking physical devices.
Yes. Because it's too intrusive to search people's phones without probable cause and a warrant. I don't doubt that searching everyone's phone will result in criminal convictions. I do doubt the value to society in doing that.
3d printed guns are a simple bug in US law -- guns are controlled, but ammunition is not. Easy fix, make the ammo require a permit. Homemade guns are no longer a problem.
That argument is silly because all those things could also be stored (encrypted) on cloud servers and downloaded from NZ at any time. Trying to protect the country from CP via border checks is like a comedy skit to me.
Well, for one, it's a gateway into services/data that are not being brought into the country. I don't store a complete directory of all my contacts in my suitcase, why should the government be able to collect that from my phone? My phone can connect to my email and retrieve information, no one would print out their entire inbox and carry it in a suitcase...
Evidently, severe brain damage is no hindrance to securing a commissioner's appointment in New Zealand.