[ISN] Law raises fears of SIS set-ups

From: InfoSec News (isnat_private)
Date: Thu May 17 2001 - 03:12:59 PDT

  • Next message: InfoSec News: "[ISN] Hackers steal US Marine software via German university computer"

    16.05.2001 Legislation on hacking might let spies do more than just
    look at your data, writes VERNON SMALL.
    The country's spies may already be hacking into your computer to add,
    delete or change data, even before Parliament passes a law allowing
    them to do so.
    The Crimes Amendment Bill (No 6), being considered by a select
    committee, will make computer hacking an offence for the first time.
    But the Security Intelligence Service or the police will be able to
    seek warrants to hack into computers.
    The exemption has been well flagged, but what is not widely understood
    is that SIS personnel almost certainly believe they have the right not
    only to look at data but to change files to "achieve the purpose of
    the warrant," or to hide their trail once they have secretly hacked
    into a computer.
    Prime Minister Helen Clark, the minister responsible for the SIS, has
    refused to directly confirm that agents can tamper with computer
    Asked if they had that power now, she said: "Those executing a warrant
    are justified in taking any reasonable action necessarily involved in
    effecting an interception or seizure. For reasons of security I am not
    prepared to comment further."
    She said the law change would not alter or add to the SIS's powers to
    hack into computers.
    If agents do tamper with data, and not just view e-mails and files, it
    raises questions about the integrity of individuals' computer records
    and the reliability of electronic data used in evidence. It could also
    - says Green MP Keith Locke - result in citizens being "set up" by the
    SIS's changing files and leaving no trace.
    In answer to those concerns, Helen Clark said anyone harmed by any act
    of the SIS could complain to the Inspector-General of Intelligence and
    But critics say that is a weak protection because those affected may
    never suspect the SIS was involved.
    The issue of spies changing data once they have hacked into computers
    was raised by officials last year.
    They advised Justice Minister Phil Goff that once the Crimes Amendment
    Bill became law, the SIS Act should also be changed to remove any
    legal risk to the service.
    Part of the change they urged would have made explicit the power to
    modify data.
    Drawing on Australian secret service legislation, they suggested
    wording which would allow an agent with a warrant to obtain access to
    documents stored in the target computer, "and if necessary to achieve
    that purpose or to conceal the fact that anything has been done under
    the warrant, adding, deleting, or altering other data in the target
    However, they warned that it might be better to leave well alone.
    Helen Clark told the Herald that the officials' advice to change the
    SIS Act was not followed because no changes were necessary.
    It was based on a misunderstanding and wrongly assumed a specific
    power was needed.
    Rodney Harrison QC, who represented anti free-trade activist Aziz
    Choudry in a successful case against an SIS break-in, said agents
    probably did not have the legal right to change data to hide their
    hacking, but it was a moot point.
    There was now an express power allowing them to cover their tracks
    when making a physical entry.
    "The absence of any express power when they're hacking suggests that
    they don't have it."
    He said it was depressing to see new invasions of privacy when the
    Bill of Rights and the Privacy Act were supposed to protect citizens.
    Privacy Commissioner Bruce Slane, who believes no public case has been
    made for remote hacking by enforcement agencies, said it was probably
    inherent that a secret service would hide its tracks.
    He has warned the Government that it could be exposed to enormous
    damages if agents harmed computer systems during hacking.
    But where there was no damage, the only civil remedy might be a
    common-law tort of breach of privacy - something the courts had
    alluded to but never defined.
    Mr Slane has described remote hacking by the police as "a pernicious
    secret policing practice [that] should not be allowed for ordinary law
    He told a select committee last week that he was also concerned at
    state agencies "trawling" or "browsing" for key words.
    He suggested establishing an auditor to ensure compliance when a
    warrant did not lead to a prosecution, and urged the committee to add
    a requirement that individuals be told when their conversations or
    private mail had been read.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Thu May 17 2001 - 03:40:23 PDT