Today in Question Time John Key gave an assurance that the interception of New Zealanders' metadata would require an access authorisation. But while its good to hear, its not quite true. Why not? Let's take a look at the law:
What do you need a warrant or access authorisation for? According to new section 15A, "the use of interception devices to intercept communications". A "communication"
includes signs, signals, impulses, writing, images, sounds, or data that a person or machine produces, sends, receives, processes, or holds in any medium
Metadata is data, signals travelling over the network. So its clearly a communication which can be intercepted using a warrant. But that's not enough to make us safe. Why? Because that clause only applies to interceptions requiring the placement or connection of an interception device. Where that's not necessary - for example, when an interception device has already been installed, or when one is used which is not limited to a particular place (as is the case with sniffing WiFi or cellphone traffic), or when the information is gained by computer hacking rather than a physical tap - then an interception can be made under Section 16. Previously, this was targeted only at foreign communications, but the spy bill would remove that word and allow warrantless interception of domestic communications as well. And while it would insert a clause forbidding its use to intercept the private communications of New Zealanders, it is unclear whether that term (as defined in the Search and Surveillance Act) covers metadata (furthermore, resting as it does on "reasonable expectations" of privacy, pervasive state surveillance seems to permit itself by undermining those expectations and instead creating an expectation that you will be spied on).
So, if Key passes the law, the GCSB will be able to use existing taps, hacking, or sniffing to access your metadata, without needing any form of warrant or outside authorisation. The Prime Minister's statement in Parliament today was simply a lie.