[NZLUG] Privacy server
nick.rout at gmail.com
Wed Jun 19 12:47:53 NZST 2013
On Tue, Jun 18, 2013 at 5:51 PM, Jim Cheetham <jim at gonzul.net> wrote:
> On Jun 18, 2013 5:12 PM, "Volker Kuhlmann" <hidden at paradise.net.nz> wrote:
> > On Tue 18 Jun 2013 16:09:31 NZST +1200, Jim Cheetham wrote:
> > > > One major thought is that one should *expect to* receive subpoenas
> > > > Police and GCSB within a day of the site going live, and be forced to
> > > > install arbitrary backdoor logging and MITM software.
> > >
> > > And with a careful setup procedure and a reasonable level of
> > > cross-checking, such an activity should be difficult to keep secret.
> > Hmm, I expect those requests to come with a clause "you will keep quiet
> > about this or we send you straight to jail". How do you plan to address
> > that?
> I am not aware of any such clause under NZ law; of course moving the
> paranoia-meter to the far side is possible when formulating scenarios, but
> the group needs to decide what practical response is needed.

I am not aware of any specific offence to disclose that you have had a
search warrant served on you, but if you alert the subject to the fact that
the Police/GCSB/WINZ/MOH/whoever are on to them, then you would seriously
risk a prosecution for attempting to pervert the course of justice which
has a maximum penalty of 7 years in the big house.

The Search and Surveillance Act 2012 is pretty new and is long and complex
and more intrusive into privacy than the previous stuff in the Summary
Proceedings, Misuse of Drugs and Crimes Acts. As a lawyer I certainly
haven't got my head around it completely yet. And that's before you even
get into the GCSB legislation which, as we all know, is currently being (or
has already been) changed.

> There is currently a technical hack to the US gag-orders; just tweet every
> day that you have not received any gag order; the moment you receive such
> an order, you cease being able to make the tweet.
> Of course 'they' would change their gag orders to clarify that you must
> lie, instead of asking that you remain silent. But it's all a big unknown,
> isn't it?
> Trust has to be assigned to the people and suppliers involved in the
> system; a good definition of exactly how much and how little trust is being
> assigned is needed. At some point you have to trust that the motherboard
> you purchased actually has the firmware/BIOS in it that you expected,
> because you don't have the tools to verify it anyway (actually there are
> some nice proof-of-concept attack BIOSs out there at the moment that
> subvert the whole machine silently).
> > Not keeping log files was permitted in the EU until relatively recently,
> I'm not aware of any such legal requirement to keep log files, I'm not an
> ISP or a communications provider and neither will this proposed server
> group be; it will be a private service for a tightly-defined set of people.
> > If NZ
> > doesn't have rules about it (yet?) it would be a bonus for staying
> > on-shore.
> Being on-shore (either of them) means that we have a chance of finding out
> when the rules change :-) before they bite anyone too hard. Shutting down
> the service might be a valid approach some day, but not trying, now?
> > In principle I am interested in such a service, and would support
> > establishing the feasibility of it.
> That's mostly what I'm asking at the moment, so thanks :-)