Submission on the Bill extending benefit sanctions to people serving community sentences

Stacks of coins

My submission on the Social Security (Stopping Benefit Payments for Offenders who Repeatedly Fail to Comply with Community Sentences) Amendment Bill:

This Bill would extend the sanction regime to people on benefits who have a community sentence and who fail to comply with that sentence.

I note that section 186 does not give those people already on community sentences a grace period before this sanction can be applied to them.

This Bill highlights failures in the New Zealand justice system and does not address the underlying causes of non-compliance with community sentences.

A very concerning part of this Bill is that it would negatively affect children. If the Ministry of Social Development knows a child is dependent on the person whose benefit they propose to cut, the benefit can still be cut, but “only” by half. On the levels that benefits currently are, cutting a benefit in half will still be devastating for a family, and for the welfare of a child.

A person’s benefit can be restarted if they start to comply with the community sentence, but it’s unclear how they will be able to comply with their sentence if they have no money for transport. They might also not have money for food, rent, power or health costs – things that we recognise as minimal entitlements of prisoners. This Bill might push vulnerable people to committing petty crime in order to survive.

Our social security legislation should be a safety net. This Bill will further erode that. It will not make a positive difference to people or to society. It will not “rescue” people from their situation. It will not rehabilitate them. It will not increase public safety.

The Department of Corrections should be given more resources to take practical steps to address non-compliance. This Bill is not one of them.

Image credit: Nathaniel_U

How to get residents to avoid submitting on proposed zoning changes Christchuch City Council style

The Christchurch City Council is reviewing its district plan, and we live in/near an area that might be subject to rezoning. The Christchurch City Council, like they’re supposed to, is consulting with residents. They’ve sent out information about the proposed zoning changes to ratepayers who might be affected. All good so far.

Except it seems a bit more like an exercise in looking like they’ve consulted with the public. Let me explain.

1) Send 12 jargon-filled A4 pages which say a lot without saying much

I’d argue that a lot of people in Christchurch don’t want to voluntarily deal with more bureaucracy than they need to (think EQC and their insurance company). Because of that a balance needs to occur between sending sufficient information and that information being clear and concise (to avoid as many people as possible putting your mail in the ‘I don’t really care or have time for this’ pile). I’d tentatively argue that including the Draft Residential Chapter (pdf), Draft Commercial Chapter (pdf), and District Plan Review (pdf) information sheets in these mail outs resulted in information overload for many people who would have been better served by simply being sent the smaller (i.e. double-sided A4 sheet), easier to read and more relevant What’s Happening In Your Area sheet. When the actual draft chapters are hundred of pages clear and concise summary information sheets do need to be available, whether they’re mailed out or not.

Some of the information included seems like it’s been copy and pasted from internal material with a very different target audience. Three sentences into the main body of the information booklet Draft Residential Chapter the words “density” and “greenfield” are introduced, both without being defined. Other gems include “housing intensification”, “medium density housing” (defined on the very last page of the booklet), and “city-wide intensification mechanisms”. The “city-wide intensification mechanisms” enable “quick gains”. To the Council’s credit examples are given for what “quick gains” are. “Civic park”, “heritage park”, and “green corridor” are less egregious examples from another information sheet.

The Christchurch City Council weights room
The Christchurch City Council weights room

2) Schedule all of your public meetings for 5:30pm on a weekday

Include so little but so much information in step one that for anyone to properly understand it in order to make an informed submission they’d have to read a lot more information or attend a consultation meeting (or both). Schedule all but one of your public consultation meetings (pdf) for 5:30pm-7:30pm on weekdays. Ignore the fact that residents might still be struggling to navigate the road works on their way home from work at this time, or might be having dinner, or might be putting young children to bed. Get bonus points for sending letters out that are advertising some of these meetings eight days before those meetings are scheduled.

3) Make it hard to find things on your website

What’s your number? To have a look at the district plan review zone map you need to guess which section of a tiny map your house is in. It took me a few tries to find our house, but perhaps that’s my poor sense of direction. Or maybe the City Council could, you know, label areas with names, or let you search by street.

Tiny map? Check.
Tiny map? Check.

4) If huge, potentially controversial changes are being proposed, ensure the diagrams “explaining” them are really confusing

People like things being explained with pictures and diagrams. They might even skip reading altogether and just look at the diagrams. That makes the diagrams that are used pretty important.

In the area of Halswell (pdf) the City Council wants to introduce a commercial centre, quite possibly one of the most controversial things you can do in a suburban area.

“A draft option is to develop a commercial centre on Halswell Road. The area highlighted on the map indicates the area within which the commercial centre could be located. … It is anticipated that this centre would occupy up to 15 hectares of land when it is fully developed.”

15 hectares is about 15 rugby fields.

Let’s compare the map that’s on the back of Halswell’s What’s Happening In Your Area sheet with some other area maps: Barrington, Bishopdale, and Riccarton.

Christchurch City Council 2014 District Plan Review Barrington Map
Barrington. Landmarks are named. The commercial centre is named ‘commercial centre’. All is well.
Christchurch City Council 2014 District Plan Review Bishopdale Map
Bishopdale. Where are we? I can orientate myself because things with names are named. The commercial centre is keyed as a ‘commercial centre’. Awesome.
Christchurch City Council 2014 District Plan Review Riccarton Map
Riccarton. Where am I? Oh, I’m by Westfield Riccarton, which is named on the map. And it’s pink because it’s a commercial centre and that’s the colour for commercial centres. Cool.
Christchurch City Council 2014 District Plan Review Sparks Road Halswell Map
Sparks Road/Halswell

Halswell. Let’s play a game called ‘find my house’. Does that tiny road say Halswell Road along it? Isn’t there a subdivision in that blank gap in the top-left corner now? Why are proposed roads squiggly arrow lines? What is a blue and a green network? By ‘proposed key activity centre’ do they mean ‘commercial centre’? (Yes. Yes they do.) Who really knows? It sure looks like the City Council doesn’t want anyone to work out what’s going on.

It’s also interesting to note that Halswell’s public meeting was on February 27, but there’s no news coverage of it or the proposed changes in general. What’s confusing to the public is confusing to the media too.

Image credits: Health Gauge, Christchurch City Council

“Where would your government be without child porn?”

If it didn’t exist, the government would surely invent it.

Because it’s a great excuse for an internet censorship machine.

This isn’t a debate about whether child sex abuse is right or wrong. You know it’s wrong, I know it’s wrong, we all know it’s wrong. This is a debate about censorship.

Censorship causes blindness

New Zealand has an internet blacklist. A list of content that, if your internet service provider has decided to be part of the filtering project, you can’t access. Images of child sexual abuse are meant to be the only stuff blocked, but the list is secret, censorship decisions happen in private and if international experience is anything to go by, other content has a habit of turning up blacklisted.

What the filter is

Its full name is the Digital Child Exploitation Filtering System. It’s run by the Department of Internal Affairs. It’s powered by NetClean’s WhiteBox, which was supplied by Watchdog Internationalwhich provides filtered Internet access for families, schools and businesses”.

The DIA say that they’re contractually constrained to only use the filter to block child sexual abuse material.

They say that:

“The filtering system is also a tool to raise the public’s awareness of this type of offending and the harm caused to victims. The Group agreed that this particular aspect of the filter needs to be more clearly conveyed to the public.”

So basically, it’s to make it seem like they’re doing something, because it doesn’t actually prevent people from accessing child sex abuse images.

The list is maintained by three people (pdf) (mirror), and sometimes there is a backlog of sites to investigate: “The Group was advised that the filter list comprises approximately 500 websites, with several thousand more yet to be examined.”

How it works

A list of objectionable sites is maintained by the Department. If someone using an ISP that’s participating in the filter tries to access an IP address on the filter list, they’ll be directed to the Department’s system. The full URL will then be checked against the filtering list. If the URL has been filtered, users end up at this page. The user can appeal for the site to be unfiltered, but no appeals have been successful yet (and some of the things people have typed into the appeal form are actually quite disturbing).

Is my internet being filtered?

The internet of 2.2 million ISP clients is being filtered.

It’s voluntary for ISPs to participate in because it wasn’t introduced through legislation, however big ISPs are participating:

  • Telecom
  • TelstraClear
  • Vodafone
  • 2degrees

Others are:

  • Airnet
  • Maxnet
  • Watchdog
  • Xtreme Networks

I assume, for the ISPs providing a mobile data service, the filter is being applied there too.

Why the filter is stupid

Child pornography is not something someone stumbles upon on the internet. Ask anyone who has used the internet whether they have innocently stumbled upon it. They won’t have.

It’s easy to get around. The filter doesn’t target protocols other than HTTP. Email, P2P, newsgroups, FTP, IRC, instant messaging and basic HTTPS encryption all go straight past the filter, regardless of content. Here’s NetClean’s brochure on WhiteBox (pdf), and another (pdf). Slightly more technical, but still basic tools like TOR also punch holes in the filter. The filter is not stopping anyone who actually wants to view this kind of material.

A much more effective use of time and money is to try to get the sites removed from the internet, or you know, track down the people sharing the material. Attempts to remove child sex abuse material from web hosts will be supported by a large majority of hosts and overseas law enforcement offices.

It is clear that the DIA don’t do this regularly. They’re more concerned with creating a list of URLs.

From the Independent Reference Group’s December 2011 report:

“Additionally 18% of the users originated from search engines such as google images.”

Google would take down child sex abuse images from search results extremely fast if they were made aware of them. And it is actually extremely irresponsible for the DIA not to report those images to Google.

Update: The DIA say they used Google Images as an example, and that they do let Google know about content they are linking to.

“The CleanFeed [the DIA uses NetClean, not Cleanfeed] design is intended to be extremely precise in what it blocks, but to keep costs under control this has been achieved by treating some traffic specially. This special treatment can be detected by end users and this means that the system can be used as an oracle to efficiently locate illegal websites. This runs counter to its high level policy objectives.” Richard Clayton, Failures in a Hybrid Content Blocking System (pdf).

It might be possible to use the filter to determine a list of blocked sites, thus making the filter a directory or oracle for child sex content (however, it’s unlikely people interested in this sort of content actually need a list). Theoretically one could scan IP addresses of a web hosting service with a reputation for hosting illegal material (the IWF have said that 25% of all websites on their list are located in Russia, so a Russian web host could be a good try). Responses from that scan could give up IP addresses being intercepted by the filter. Using a reverse lookup directory, domain names could be discovered that are being directed through the filter. However, a domain doesn’t have to contain only offending content to be sent through the DIA’s system. Work may be needed to drill down to the actual offending content on the site. But this would substantially reduce the effort of locating offending content.

Child sex abuse sites could identify DIA access to sites and provide innocuous images to the DIA and child sex abuse images to everyone else. It is possible that this approach is already happening overseas. The Internet Watch Foundation who run the UK’s list say in their 2010 annual report that “88.7%­ of all­ reports­ allegedly­ concerned­ child­ sexual abuse­ content­ and­ 34.4%­ were­ confirmed­ as such­ by­ our­ analysts”.

Someone could just use an ISP not participating in the filter. However people searching for this content likely know they can be traced and will likely be using proxies etc. anyway. Using proxies means they could access filtered sites through an ISP participating in the filter as well.

It is hard (practically, and mentally) for three people to keep on top of child sex abuse sites that, one would assume, change locations at a frequent pace, while, apparently, reviewing every site on the list monthly.

The filter system becomes a single point of attack for people with bad intentions.

The DIA, in their January 2010 Code of Practice (pdf) even admit that:

  • “The system also will not remove illegal content from its location on the Internet, nor prosecute the creators or intentional consumers of this material.” and that
  • “The risk of inadvertent exposure to child sexual abuse images is low.”

Anonymity

The Code of Practice says:

“6.1          During the course of the filtering process the filtering system will log data related to the website requested, the identity of the ISP that the request was directed from, and the requester’s IP address.
6.2          The system will anonymise the IP address of each person requesting a website on the filtering list and no information enabling the identification of an individual will be stored.”

“6.5          Data shall not be used in support of any investigation or enforcement activity undertaken by the Department.” and that

“5.4          The process for the submission of an appeal shall:
•    be expressed and presented in clear and conspicuous manner;
•    ensure the privacy of the requester is maintained by allowing an appeal to be lodged anonymously.”

Anonymity seems to be a pretty key message throughout the Code of Practice.

However…

In response to an Official Information Act request, the DIA said:

“When a request to access a website on the filtering list is blocked the system retains the IP address of the computer from which the request originated. This information is retained for up to 30 days for system maintenance releases and then deleted.” [emphasis mine]

Update: The DIA says that the IP address is changed to 0.0.0.0 by the system.

The site that people are directed to when they try to access a URL on the blacklist (http://dce.net.nz) is using Google Analytics. The DIA talk the talk about the privacy and anonymity around the filter, but they don’t walk the walk by sending information about New Zealand internet users to Google in the United States. It’s possible this is how the DIA gets the data on device type etc. that they use in their reports. Because anyone can simply visit the site (like me, just now) those statistics wouldn’t be accurate.

DCE filter Google Analytics

From the Independent Reference Group’s August 2011 (pdf) minutes:

“Andrew Bowater asked whether the Censorship Compliance Unit can identify whether a person who is being prosecuted has been blocked by the filtering system. Using the hash value of the filtering system’s blocking page, Inspectors of Publications now check seized computers to see if it has been blocked by the filtering system. The Department has yet to come across an offender that has been blocked by the filter.”

I’m not exactly sure what they mean by hash value, but this would seem to violate the “no information enabling the identification of an individual will be stored” principle.

Update: They are searching for the fingerprint of content displayed by the blocking page. It doesn’t seem like they could match up specific URL requests, just that the computer had visited the blocking page.

And, from the Independent Reference Group’s April 2011 (pdf) minutes:

“For all 4 of the appeals the complainant did not record the URL. This required a search of the logs be carried out to ensure that the site was correctly being blocked.”

Appeals are clearly not anonymous if they can be matched up with sites appellants have attempted to access.

Update: The reviewers look at the URLs blocked shortly before and after the appeal request to work out the URL if it isn’t provided.

9000 URLs!

The DIA earlier reported that there were 7000+ URLs on their blacklist. This dropped to 507 in April 2011, 682 in August 2011, and 415 in December 2011. Those numbers are much closer to the 500 or so URLs on IWF’s blacklist.

Where did these 6500 URLs disappear to (or more accurately, why did they disappear?). What was being erroneously blocked during the trial period, or was 7000 just a nice number to throw around to exaggerate the likelihood of coming across child sex abuse images (though, even with 7k sites, the likelihood still would have been tiny)?

Scope creep

Firstly, we weren’t going to have a filter at all:

‘“We have been following the internet filtering debate in Australia but have no plans to introduce something similar here,” says Communications and IT minister Steven Joyce.

“The technology for internet filtering causes delays for all internet users. And unfortunately those who are determined to get around any filter will find a way to do so. Our view is that educating kids and parents about being safe on the internet is the best way of tackling the problem.”’

Then it was said that:

“The filter will focus solely on websites offering clearly illegal, objectionable images of child sexual abuse.”

and

Keith Manch said the filtering list will not cover e-mail, file sharing or borderline material.” [emphasis mine]

One would assume from “images of child sexual abuse” that they would be, you know, images of children being sexually abused. However, it seems that CGI and drawings (Hentai) have made the list.

From the minutes of the Independent Reference Group’s October 2010 meeting:

“Aware that the inclusion of drawings or computer generated images of child sexual abuse may be considered controversial, officials advised that there are 30 such websites on the filtering list [that number is now higher, 82 as of December 2011]. Nic McCully advised that officials had submitted computer generated images for classification and she considered that only objectionable images were being filtered.”

The arguments around re-victimization kind of fall apart when you’re talking about a drawing.

And from the borderline material file:

“The Group was asked to look at a child model website in Russia. The young girl featured on the site appears in a series of 43 photo galleries that can be viewed for free. Apparently the series started when the girl was approximately 9 years old, with the latest photographs showing her at about 12 years old. The members’ part of the site contains more explicit photos and the ability to make specific requests. While the front page of the website is not objectionable, the Group agreed that the whole purpose of the site is to exploit a child and the site can be added to the filter list.”

Clearly illegal, objectionable images of child sexual abuse? No, but we think it should be filtered so we went and did that.

Dodgy DIA

The DIA was secretive about the filter being introduced in the first place. Their first press release about it was two years after a trial of the system started. I wonder how many of those customers using an ISP participating in the trial knew their internet was being filtered during that time?

The Independent Reference Group is more interesting than independent. Steve O’Brien is a member of the group. He’s the manager of the Censorship Compliance Unit. To illustrate this huge conflict of interest, he is the one who replies to Official Information Act requests about the filter. Because the Censorship Compliance Unit operate it.

The Group was advised that the issue of Steve O’Brien’s membership had been raised in correspondence with the Minister and the Department. Steve O’Brien offered to step down if that was the wish of the Group and offered to leave the room to allow a discussion of the matter. The Group agreed that Steve O’Brien’s continued membership makes sense.” [emphasis mine]

That was the only explanation given. That it makes sense that he is a member. Of the group that is meant to be independent.

Additionally, the DIA seems to have accidentally deleted some reports that they should have been keeping.

From Tech Liberty:

“Last year we used the Official Information Act to ask for copies of the reports that the inspectors [have] used to justify banning the websites on the list. The DIA refused. After we appealed this refusal to the Ombudsman, the DIA then said that those records had been deleted and therefore it was impossible for them to give them to us anyway. The Department has an obligation under the Public Records Act to keep such information.

We complained to the Chief Archivist, who investigated and confirmed that the DIA had deleted public records without permission. He told us that the DIA has promised to do better in the future, but naturally this didn’t help us access the missing records.”

List review

The Code of Practice says:

“4.3    The list will be reviewed monthly, to ensure that it is up to date and that the possibility of false positives is removed. Inspectors of Publications will examine each site to ensure that it continues to meet the criteria for inclusion on the filtering list.”

It’s unlikely this actually happens.

Here’s some statistics of how many URLs have been removed.

December 2011
267 removed

August 2011
0 removed

April 2011
108 removed

It’s impossible that between April and August there were no URLs to remove.

In the Independent Reference Group’s December 2011 report it seemed like the following was included because it happens so rarely:

“The list has been completely reviewed and sites that are no longer accessible or applicable (due to the removal of Child Exploitation Material) have been removed.”

The Independent Reference Group has the power to review sites themselves. But in at least one case, they chose not to:

“Members of the Group were invited to identify any website that they wish to review. They declined to do so at this stage.”

 

The filter isn’t covered by existing law and didn’t pass through Parliament. Appropriate checks and balances have not taken place. The DIA did this on their own.

By law, the Classification Office has to publish its decisions, which they do. The DIA’s filter isn’t covered under any law, and they refuse to release their list. The DIA say that people could use the list to commit crimes, but the people looking for this material will have already found it.

What if the purpose of the filter changes? The DIA introduced it without a law change, the DIA can change it without a law change. What if they say “if ISPs don’t like it, they can opt out of the filter”? How many ISPs will quit?

The only positive is that the filter is opt in for ISPs. Please support the ISPs that aren’t using the filter. Support them when they’re accused of condoning child pornography, and support them when someone in government decides that the filter should be compulsory for all ISPs.

 

Side note: why does all of the software on the DIA’s family protection list, bar one, cost money? There is some excellent, or arguably better, free software available. There’s even a free version of SiteAdvisor, but the DIA link to the paid one. Keep in mind that spying on your kids is creepy. Talk to them, don’t spy. The video for Norton Online Family hilariously and ironically goes from saying “This collaborative approach makes more sense than simply spying on your child’s internet habits [sitting down and talking — which is absolutely correct]” to talking about tracking web sites visited, search history, social networking profiles, chat conversations and then how they can email you all about them. Seriously. Stay away.

Image credit: Andréia Bohner

Doing The Government’s Work For Them

Internet surveillance, censorship, and avenues of resistance with anonymity with Jacob Appelbaum, Researcher and Hacker, The Tor Project.

Go watch Jacob’s talk here.
Jacob Appelbaum talkPoints I found interesting:

  • The concept of lawful surveillance. We make it compulsory for telecom providers to make their networks buggable. Would there be outrage if a law was passed that every road must have a camera and microphone on it?
  • If you’re not paying for something, you’re the product.
  • Visualize your cellphone as a tracking device that can also make calls, go on the internet and text people. If the government forced you to carry it everywhere, you’d riot in the streets. They don’t need to; you do their work for them. You carry it with you, willingly.

From Today: Three Strikes and You’re Out

Copyright infringements, from today, come under the poorly worded, poorly debated regime introduced in the Copyright (Infringing File Sharing) Amendment Act. Infringement notices can be sent out 21 days from today, on September 1st.

The aim is to make it easier for rights owners to take action against copyright infringers who download music, movies, TV shows, books, software etc. Peer-to-peer (P2P) file sharing is the intended target, but the law seems like it could include other types of file sharing, which will end up being clarified by the Copyright Tribunal or the courts:

file sharing is where—

  • “(a) material is uploaded via, or downloaded from, the Internet using an application or network that enables the simultaneous sharing of material between multiple users; and
  • “(b) uploading and downloading may, but need not, occur at the same time

Some examples of the software likely covered under the law (if they’re being used to download infringing content) are here.

Process

TorrentingNotices from rights owners are sent to alleged infringers through their internet protocol address provider (effectively their internet service provider), like Telecom, Orcon and Slingshot. The order of the three notices (hence the three strikes name) are a detection notice, warning notice and then an enforcement notice. What notice you’re on is specific to each rights owner, eg. if you’re on the second notice, a warning notice, with Sony, a notice sent from Universal would be a detection notice, the first notice, assuming this is your first run in with Universal. This example, however, seems like it would be muddied if Sony and Universal both use an agent to do their bidding for them and it is the same agent.

There is a 28 day on-notice period after a detection or warning notice is issued where alleged infringements against that rights owner don’t count towards the next notice.

Detection and warning notices expire nine months after the date of the original detection notice. Enforcement notices expire 35 days after they are dated. The expiration of an enforcement notice expires the previous detection and warning notices too.

Rights owners pay $25 + GST to the IPAP for each notice they send through them. IPAPs have said that this won’t cover the set up and ongoing costs that this act cause, which will probably mean higher internet prices for everyone.

Rights owners don’t see an alleged infringer’s personal details.

The Copyright Tribunal

When an alleged infringer is on an enforcement notice, the rights owner can pay $200 to take them to the Copyright Tribunal, which will normally accept written submissions, but a face to face hearing can be requested by either party. Legal representation isn’t allowed at the hearing, but the rights owner will likely be represented by someone who knows what they’re talking about. Fines can be ordered of up to $15,000. There’s a provision in the act for rights owners to apply to a District Court to get an accused’s internet access cut off for up to six months. It’s currently not available, but could theoretically be implemented at any time.

Challenging notices

The normal burden of proof is reversed with an alleged infringer having to prove that they didn’t infringe copyright (how you prove you didn’t do something, I’m not sure). A notice can be challenged by an alleged infringer. Challenges have to be received by the IPAP no more than 14 days after the notice was dated. It’s up to the rights holder whether they reject or accept the challenge. If a rights holder doesn’t respond to a challenge before the close of the 28th day after the original notice was dated, the challenge is deemed to be accepted.

Account holder

The account holder, most likely the person whose name is on the bill, is liable for any content downloaded or uploaded over the connection they pay for. Unlike speeding tickets there’s no way to transfer this liability. Schools and pupils, universities and students, businesses and employees, libraries and library users, parents and children, landlords and tenants or flatmates could all be affected because of this. This also means that account holders are liable for guests or people they don’t even know who might be accessing their unsecured wireless internet (if you’re not sure if your wireless internet is secure, you can Google something like ‘securing wireless internet’ to make sure).

Effect on illegal file sharing

The regime ends up being ridiculous because a moderately technically competent person can get around it easily. Extreme illegal file sharers are probably already protecting themselves using seedboxes or VPNs. More casual downloaders will likely swap to using seedboxes, VPNs, streaming websites, searching file storage websites like Mediafire with Google or downloading audio from YouTube after they receive a few detection notices. There’s also the possibility of them avoiding the regime using mobile internet, which isn’t covered under the law until October 2013, or by using unsecured or free Wi-Fi.

Is this the death of free Wi-Fi? Are Rugby World Cup tourists going to wonder why their accommodation doesn’t include internet access? Are some ISPs going to start blocking all P2P traffic regardless of the legality of it?

It will be interesting to see which rights owners choose to send notices under the new regime. To be honest, I’m not sure how initiating a process that leads to the Copyright Tribunal is going to want to make people spend money with a company.

More information at 3strikesNZ.

Image credit: Jennie Faber

The National Interest of Foreign Espionage

A van was crushed by rubble following the February Canterbury earthquake, containing Israeli tourists. One of them, Ofer Benyamin Mizrahi, was killed instantly. Michal Friedman, Liron Sadeh and Guy Yurdan escaped. It’s been revealed that Israeli involvement after the quake has been investigated by the SIS and the police.

Fact checking

What appears to be the original Southland Times article that broke the investigation seems to have been poorly fact checked and shows a lack of editorial oversight. Shemi Tzur, Israeli’s ambassador in the South Pacific is said to have flown from Australia, where he is based, except a quick Google search shows that he is actually based in Wellington.

The same article talks about a piece of suspected Russian malware named “agent.btz” and says that “attempts to remove the malware have so far been unsuccessful”, which gives the impression that the computers of the United States Military are still infected. The next part of the sentence states that “new, more potent variations of agent.btz are still appearing”, so what is probably meant is that attempts to eliminate the malware out of existence have been unsuccessful, which isn’t surprising considering the nature of malware and software in general.

Red flags

9000 passports!James Bond cameras

The Southland Times article says that Ofer Mizrahi “was reportedly found to be carrying at least five passports.” John Key said “according to his information, Mizrahi was found with only one passport”, of European origin.

The group of three that left Christchurch gave Israeli representatives his Israeli passport. So that makes at least two passports.

Shemi Tzur says that he was handed Ofer’s effects and they contained “more than one passport.” Does that makes at least three passports or does this include the Israeli passport handed off at the airport?

He says it’s common for Israelis to have dual citizenship because Israeli passports aren’t welcome in some countries, which is understandable. However that doesn’t explain why Ofer was traveling with both/multiple passports—I am an expert thanks to watching Border Security on TV and conclude that less eyebrows would be raised at an airport if, when searched, someone wasn’t in the possession of more than one passport.

12 hours

Passport stamps

Within 12 hours of the quake the three remaining Israelis had evacuated Christchurch, driven to the airport by Shemi Tzur himself.

This raised eyebrows because they left Ofer behind in the van, but in their defense there was nothing they could have done and it wasn’t like they were leaving someone injured behind. Guy Yurdan, one of the three, said that Ofer was killed instantly.

The advice from many countries to citizens in Christchurch would have been to get out of there as soon as possible. The potential lack of accommodation, food, and water, plus the risk of further aftershocks would have supported their decision to leave as quickly as possible.

A mysterious seventh Israeli

Concerns were raised about a “mysterious seventh Israeli” who was in New Zealand illegally and was reported missing after the earthquake, but weeks later was reported to have left the country. Not sure whether there was anything suspicious about the person apart from their visa situation.

Five Facebook likes

A Facebook tribute page for Ofer came to the attention of investigators because it only had five likes over four months (now 32). Apparently many Israelis don’t have social network accounts. Perhaps those on Facebook who knew Ofer didn’t know of the page? It seems a stretch to say that this is suspicious.

Four phone calls

It’s been reported that Israel Prime Minister Binyamin Netanyahu phoned John Key four times on the day of the earthquake. John Key says that they only actually spoke once in “those first days.” It seems reasonable that a Prime Minister is hard to get hold of, especially during a state of emergency. I’m not sure what the significance of prime ministers calling each other is, I assume representatives from many countries spoke to John Key as a result of the earthquake.

Two search and rescue teamsMission control

There was reportedly one Israeli search and rescue team but then there were two? Either way it seems at least one either wasn’t allowed access to the red zone or was removed from the red zone by armed personnel. According to Shemi Tzur, a team was sent by the parents of Ofer Levy (other Ofer?) and Gabi Ingel, two Israelis who died in the earthquake.

The article says “Israeli families reacted that way when their children needed help anywhere in the world, often because it was demanded by insurance companies.” Insurance companies often demand that families hire and fly to a foreign country private search and rescue teams when search and rescue is already underway by the country?

Strange.

Perhaps stranger is Hilik Magnus, who runs the search and rescue company in question, Magnus International Search & Rescue:

“He served in the Israel Defence Forces in an elite paratrooper battalion specializing in special operations. He fought in the Attrition War, first lebanon war and the Yom Kippur War, remained a reserve officer for twenty years and served also in the intelligence community.”

Stranger?

Their team entered the red zone “accompanied by police, only to retrieve the personal effects of two people who died.” “There was only one rescue team and it was allowed inside the red zone to accompany police to retrieve backpacks belonging to Mr Levy and Mr Ingel.”

One Israel Civil Defense Chief

The Southland Times article says “In the hours after the 6.3 quake struck: Israel’s civil defence chief left Israel for Christchurch.” The New Zealand Herald reports that Matan Vilnai did visit Christchurch, but nine days later. And not from Israel, but from Australia where he was for a visit.

This doesn’t seem suspicious.

A groups of forensic analysts

An Israeli forensic analysis team sent by the Israeli government worked on victim identification in the morgue. A security audit of the national police computer database was ordered after someone connected that the analysts could have accessed it. The police say that their system is secure. Someone from the SIS says that it could be compromised with a USB drive:

“An SIS officer said it would take only moments for a USB drive to be inserted in a police computer terminal and for a program allowing remote backdoor access to be loaded.”—Stuff

It’s questionable why USB access would even be enabled on computers that have access to such confidential material.

Why New Zealand?

Intelligence

Gordon Thomas, who has written about Mossad says that Mossad trainees, possibly picked during compulsory military service, were usually planted overseas in groups of four. He says that the CIA and MI6 have offices in Auckland and have “held high-level meetings with New Zealand spy bosses”. They want to know what sparked the SIS investigation, what investigations were carried out and what passports the group possessed. He thinks New Zealand is a credible Mossad target because al Qaeda cells could expand into the Pacific Rim. Israel would want to know what our intelligence agencies know, what they are sharing and how good they are at getting information.

He says that Mossad has a reputation for using students as agents and that using two couples is “standard Mossad operation style. The reason they have a man and a woman … it’s easy to pass unnoticed, unchallenged, and the woman acts as back-up.”Passport

Passports

New Zealand passports are readily accepted around the world. Anyone gaining one who had nefarious purposes would likely face no contest at a border. Paul Buchanan, who has worked at the Pentagon says that it’s unlikely the four were Mossad agents because of their age and the apparent low-level task of passport fraud they were undertaking, but they might have been recruits operating as sayanins, the Hebrew word for helper. He says that after the September earthquake, Christchurch may have been seen as a good target to get names of New Zealanders to use for false passports.

 

The three survivors from the van gave an interview to Haaretz, an Israeli newspaper, days after the earthquake. It would seem unlike spies to put themselves out in the public eye like that, but maybe that’s reverse psychology. Who knows.

Image credits: Ian Rutherford, Ludovic Bertron, J Aaron Farr, Tom Raftery

The 2011 Budget and KiwiSaver

Piggy bank savingsKiwiSaver will be affected by National 2011’s budget, but it will still be a worthwhile scheme for nearly everyone under 65 to be in.

  • The member tax credit from the Government (which doesn’t apply to under 18s) accruing from July 2011, is going to be cut in half from $1 per $1 matching to 50 cents to $1 matching. So to get the full match you’ll have to save about $20 a week ($1040/year) and will get a $10 match ($520/year) from the Government.
  • To balance this out, minimum contributions will be raised for employees and their employers to 3% from April 2013 (the other employee options will stay as 4% and 8%).
  • However the employer contribution will be taxed from April 2012 (the 2% minimum will end up being about 1.34-1.79% depending on your tax rate, the new 3% about 2.01-2.685%).

This will affect the un/self-employed because their tax credit will be reduced with no balancing employer contribution. Increased employer contributions will benefit people planning to buy a first home using their KiwiSaver savings as they’re unable to withdraw member tax credits anyway. A likely reduction in pay rises because of the increased employer contributions will affect KiwiSaver and non-KiwiSaver employees.

Standard and Poor’s says that the changes “could push New Zealand further into debt and would need to be part of an overall package to boost national savings.”

The $1000 Government kick-start, the up to $5000 first home deposit subsidy and the requirement of being in the scheme for at least a year before you’re able to go on a contributions holiday are staying.

The kick-start, tax credit and employer contributions are still free money.

Ramit Sethi has an excellent book called I Will Teach You To Be Rich which is available from Amazon and The Book Depository—who have free shipping to basically everywhere. He recommends young people invest about 10% of their income and take advantage of available employer/tax benefits. Eg. contributing the minimum into KiwiSaver, getting the employer match (and if necessary topping up contributions to $1040 to get the $1040/$520 government match, but set it up so it’s done automatically each pay period), then invest the rest of the 10% in a non-KiwiSaver scheme. The main benefit of a non-KiwiSaver scheme compared to KiwiSaver is laxer withdrawal rules—the withdrawal age is likely lower, plus if it’s employer based, employers may contribute a higher amount than in KiwiSaver)

I like SuperLife as a KiwiSaver fund provider because of, among other things, their AIMAge Steps fund which automatically re-balances asset allocation from assets like shares to assets like cash as you age. Mary Holm has a book called The Complete KiwiSaver which is from 2009 but will still be largely relevant to making decisions about things like funds and providers.

Are you in Kiwisaver and why or why not?

Image credit: Alan Cleaver

The Remedy To Be Applied Is More Speech, Not Enforced Silence

Christchurchquake.netHRC pressures King & Spalding to drop case defending the Defense of Marriage Act

King & Spalding, the law firm hired by House Republican leaders to defend the Defense of Marriage Act (DOMA) dropped the case. The U.S. Defense of Marriage Act aims to “define and protect the institution of marriage”. It says that no state etc. is required to recognize a relationship that is considered a same-sex marriage in another state.

It’s concerning when lawyers bow to pressure to not take a case on (or to drop one, in this case) because of public opinion. A similar argument could apply to people accused of rape, murder etc.—that lawyers are horrible people for representing them.

The Human Rights Campaign pressured K&S to drop the case. The cost is capped at $500k and a lot of Americans would rather the focus be on other issues—“when read statements for and against defending DOMA in court, 54 percent of voters oppose the House Republicans’ intervention, while only 32 percent support it.…”.

K&S has a high rating on HRC’s Corporate Equality Index, meaning they hire without discrimination. Just because they were going to defend this viewpoint doesn’t mean they supported it.

The pressure should be targeted at the House Republican leaders and not at the people doing their jobs.

Earthquake moon man silenced

Mr Ring said he also feared he would be prosecuted for inciting a riot following his quake prediction.

“I’ve been virtually told by [ACC minister] Dr Nick Smith and Sir Peter Gluckman [the prime minister’s scientific advisor] that I’m not qualified to put statements out about earthquakes. They will have me legally if I do that.

“Until they reverse that, I’m completely bound to silence. I don’t want to go to jail.

“They said it was like calling out fire in a crowded theatre and that’s against the law — it’s called the riot act, and inciting riot.” –Stuff.co.nz

The Crimes Act defines a riot as “…a group of 6 or more persons who, acting together, are using violence against persons or property…”. It also seems like the Riot Act (or at least the reading of the Riot Act?) was repealed.

To my unqualified eye this seems like a questionable interpretation of the law and a questionable use of status to silence someone.

Website blaming earthquake on gays taken down by host

A website was put up shortly after the Christchurch earthquake at christchurchquake.net (now suspended), blaming the quake on the gay community, and the people supporting it. It was widely covered, including by the Sydney Morning Herald. Bluehost received many complaints about it (in the thousands, according to a source) and said they’d only act if they received a court order to do so (I asked and they said they would accept a New Zealand one), but eventually pulled it down because of a copyright complaint.

People or corporations using copyright complaints to get content taken down that they don’t agree with or would rather not have up isn’t uncommon. In this case a whole site was taken down because of one image.

The complaints used Bluehost’s terms of service, section 9.14 as the reason:

Obscene, Defamatory, Abusive or Threatening Language. Use of the Services to store, post, transmit, display or otherwise make available obscene, defamatory, harassing, abusive or threatening language is prohibited.

Several people have pointed out that web hosts shouldn’t have to decide whether something is legal or not. Bluehost refused to decide and asked for a court order. This reasoning would have been better received by complainers if Bluehost didn’t include clauses in their terms of service that say they will take down a site if it contains x. However I am sure Bluehost isn’t the only host that does this.

The site reportedly suffered a DDoS attack as well, which affected other customers on the same server.

This is a change of tune from what I said immediately after I heard about the website, but I support this decision by Bluehost. The site was in bad taste, however should still be protected as free speech until potentially being deemed illegal by a court. If this had been a pro-gay website and anti-gay people had pressured the host to take it down then succeeded because of a copyright complaint, these same people against this site would be angered.

Bluehost let themselves down by taking down the website because of one copyrighted image. I am curious as to whether the customer behind the website was given a chance to respond to the copyright complaint. They received lots of complaints and bad press about this. This would’ve been a perfect topic for the CEO’s blog on why they weren’t going to take action without a court order.

However this event brings up an interesting idea: that the Internet has unwritten rules and if something or someone goes against those rules, people come together over forums or social media etc. to try fight it. This has happened before with child and animal abuse (the perpetrators tracked down), fights for democracy (help with the spread of information to citizens) and corporations with questionable business practices (unfortunate documents released) and because of the nature of the Internet will continue to happen.

Image credit: Christchurchquake/DomainTools

Shutting Down Skynet: The Copyright (Infringing File Sharing) Bill

Home taping is killing music and it's illegalYesterday the Copyright (Infringing File Sharing) Bill was unexpectedly rushed through Parliament during an urgent session brought about because of the Christchurch earthquake. This morning it was passed and will come into force on September 1st.

Watching the session was frustrating as few contributors truly understood file sharing and the Internet. Gareth Hughes is one of the few who actually gets it. See him talking here, here and here. He brought up a number of good points including:

  • Access to the Internet is vital.
  • Termination not being enacted straight away is just a delay.
  • Many downloads are because content is not even available legally in New Zealand.

@thomaslebas on Gareth Hughes using real tweets in Copyright (Infringing Filesharing) Bill Parliament debate(via)

The Green Party opposed the Bill because the disconnection provision was still included. Labour didn’t like the disconnection provision either, however still supported the Bill. As Labour MP Clare Curran explains on the Red Alert blog:

Account suspension remains in the bill and could theoretically be used in the future, but any Minister who implements termination will have to wear the consequences. It won’t be a Labour Minister.

This happened many times throughout the night: great points against this Bill were brought up (like disconnection; the fact it’s being rushed; that the MPs themselves don’t know what their children are downloading from the Internet, keep in mind that the MP as the probable account holder will be responsible for their children’s downloading), but then the person finished with their overall support of the Bill. Someone (I think on Twitter, sorry I lost the source) summed it up nicely: “they’re fundamentally opposed to something, yet they vote for it”.

Without this legislation copyright holders could still send warning notices, but this legislation is intended to make the process faster and cheaper. Another side effect is that the process will favor copyright holders. After receiving a warning notice from a copyright holder, it is up to the Internet account customer to prove their innocence (reversing the usual burden of proof). This basically assumes that users who have been sent notices are infringers. It is unclear (to me at least) how someone will prove that they haven’t downloaded or uploaded a file. This is concerning because copyright owners seem to get it wrong regularly. For example a University Of Washington study found they could get a copyright warning sent to a printer that wasn’t uploading or downloading copyrighted files. They say:

Q: I’m a network operator working at an ISP. Should I be suspicious of DMCA takedown notices?

Yes. Our results show that some methods used to generate DMCA takedown notices in BitTorrent are not conclusive and may misidentify users. This may also be true for other P2P networks.

A U.S. study found 57% of DMCA notices sent to Google for removal of material were sent by business targeting competitors and 37% of notices were not valid copyright claims. (Source: J Urban & L Quilter, ‘Efficient Process or “Chilling Effects”? Takedown Notices Under Section 512 of the Digital Millennium Copyright Act’, http://static.chillingeffects.org/Urban-Quilter-512-summary.pdf (mirror))

In addition to the maximum $15k fine that the Copyright Tribunal can impose on someone who has received three warnings, there is a provision in the legislation to allow the Commerce Minister to introduce a six month Internet account suspension penalty applied by a District Court. In the United Nations Conference on Trade and Development Information Economy Report, UNCTAD/SDTE/ECB/2006/1, Nov 2006, broadband is recognized as an essential utility for individuals. Disconnection from the internet is a disproportional punishment compared with the effects of illegal file sharing.

The legislation makes the Internet account holder responsible for all Internet use through that connection, treating all content downloaded/uploaded by different people through a connection as one. This may mean that a family member, flatmate or landlord is responsible for other people’s illegal file sharing. This also means that account holders could get the blame for things that people they don’t even live in the house do. The account holders would be responsible for random people accessing poorly protected wireless networks, for example.

Is pirating content really that bad?

The U.S. Government Accountability Office says in a report (via):

U.S. government and industry claims that piracy damages the economy to the tune of billions of dollars “cannot be substantiated due to the absence of underlying studies.”

and

“Some experts we interviewed and literature we reviewed identified potential positive economic effects of counterfeiting and piracy. Some consumers may knowingly purchase a counterfeit or pirated product because it is less expensive than the genuine good or because the genuine good is unavailable, and they may experience positive effects from such purchases. Consumers may use pirated goods to ‘sample’ music, movies, software, or electronic games before purchasing legitimate copies. (This) may lead to increased sales of legitimate goods.”

From a TorrentFreak article:

Although IFPI refused to share the entire research report with TorrentFreak, we can conclude the following from the two pages that were published online (pdf).

Compared to music buyers, music sharers (pirates) are…

* 31% more likely to buy single tracks online.
* 33% more likely to buy music albums online.
* 100% more likely to pay for music subscription services.
* 60% more likely to pay for music on mobile phone.

and

[Mark Mulligan, Vice President and Research Director at Forrester Research who conducted the study for IFPI (who “represents the recording industry worldwide”] has his hands tied and couldn’t say much about the findings without IFPI’s approval, but we managed to get confirmation that paying file-sharers are the music industry’s best customers. “A significant share of music buyers are file sharers also. These music buyers tend to be higher spending music buyers,” Mulligan told TorrentFreak.

TorrentFreak on artists actually profiting from piracy:

A study by Blackburn (2004), a PhD student from Harvard, found that the 75% of the [artists] actually profit from piracy. Blackburn reports that the most popular [artists] (top 25%) sell less records. However, the remaining 75% of all artists actually profit from [file sharing]. The same pattern was found by Pedersen (2006, see graph), who analyzed the change in royalties paid by the Nordisk Copyright Bureau between 2001 and 2005.

Michael Geist on a study of music purchasing habits commissioned by Industry Canada:

When assessing the P2P downloading population, there was “a strong positive relationship between P2P file sharing and CD purchasing.  That is, among Canadians actually engaged in it, P2P file sharing increases CD purchases.” The study estimates that 12 additional P2P downloads per month increases music purchasing by 0.44 CDs per year.

When viewed in the [aggregate] (ie. the entire Canadian population), there is no direct relationship between P2P file sharing and CD purchases in Canada.  According to the study authors, “the analysis of the entire Canadian population does not uncover either a positive or negative relationship between the number of files downloaded from P2P networks and CDs purchased. That is, we find no direct evidence to suggest that the net effect of P2P file sharing on CD purchasing is either positive or negative for Canada as a whole.”

Additionally, downloading doesn’t equal lost sales, some people are trying before they buy. And some people are downloading because they can’t get the content legally.

Labour MP Jacinda Ardern talked about illegal downloading of music hurting small artists, but it’s only the big record companies that you ever hear complaining. Big companies have bigger voices, but small artists are the ones embracing downloads by putting songs up for free on their websites.

A statistic was brought up last night that 90% of people say they will stop downloading illegally after two warnings. There’s a difference between saying and doing and I doubt there’ll be a change.

Will this make those pirates start buying again, or will they just go find the same stuff elsewhere? (via)

Update 17/04/2011: On the InternetNZ blog they point to Amanda Palmer at Webstock 2011 talking about music and giving it away for free. The relevant part starts at 25:00 but her whole talk is worth watching.

Update 19/04/2011: Jonathan Hunt tweeted a link to an episode of This Way Up on Radio NZ. Paul Brislen (from the Telecommunications Users Association Of New Zealand) and Peter Griffin (the Herald’s technology blogger) do a role play of what the notice process could be like, it starts around a third of the way in. You can listen here (MP3).

Some good points brought up:

  • Generally no legal representation is allowed at the Copyright Tribunal. There will be mums and dads who have no idea what is going on, trying to prove their innocence. There will be ignoring of notices out of confusion.
  • This could end up costing IPAPs (defined in the Bill as traditional ISPs; not universities, libraries, and businesses) who estimate costs as $14 to $56 per notice. It is noted in the Bill “that the United Kingdom has recently decided on a cost-sharing approach between rights holders and Internet service providers, at a ratio of 75:25 respectively”. ISPs overseas receive a huge number of these notices each day.
  • If you have a business with 5000 employees, how do you track down whose actions resulted in a copyright warning being sent?
  • If an Internet account is suspended, is the suspension meant to apply to all ISPs? If yes, is there going to be a database of offenders (potential privacy concerns). If no, couldn’t someone call another ISP and sign up with them?
  • This is only targeting P2P file sharing. If someone illegally downloads directly from a website, they’re unlikely to be tracked down unless website logs are kept and are requested by rights holders through the courts.
  • The regime won’t apply to mobile networks until August 2013. It is even easier to “sign up” for a new account; go down to the supermarket and buy another SIM card.

Update 4/06/2011: The United Nations has released a significant report (PDF) relating to freedom of expression on the Internet. A couple of paragraphs are extremely relevant to this post:

49. …he is alarmed by proposals to disconnect users from Internet access if they violate intellectual property rights. This also includes legislation based on the concept of “graduated response”, which imposes a series of penalties on copyright infringers that could lead to suspension of Internet service, such as the so-called “three-strikes-law” in France34 and the Digital Economy Act 2010 of the United Kingdom.35

78. …cutting off users from Internet access, regardless of the justification provided, including on the grounds of violating intellectual property rights law, to be disproportionate and thus a violation of article 19, paragraph 3, of the International Covenant on Civil and Political Rights.
79. …the Special Rapporteur urges States to repeal or amend existing intellectual copyright laws which permit users to be disconnected from Internet access, and to refrain from adopting such laws.

Image credit: Gary Denham