Thursday, October 09, 2014

We need more transparency from our telecommunications providers

A couple of days ago Twitter announced that it was suing the US government for the right to publish proper details of the demands for user data and communications it has received (or not received from them). Which caused Vikram Kumar to ask why there wasn't such transparency reporting in New Zealand:

Why aren’t we seeing similar moves here? Why aren’t New Zealand service providers publishing transparency reports to show how many government requests for user information they get?

I’m not aware of any law or practice that prevents them from publishing annual or six monthly transparency reports. But there may well be so if anyone is aware of a law, regulation or standard practice please put it in the comments.

Transparency reports are about aggregate numbers broken up into meaningful categories. They don’t interfere with law enforcement operations or privacy.

Its not entirely true; Vodafone included partial statistics on New Zealand interception warrants in its Law Enforcement Disclosure Report. This revealed that the New Zealand Police had gained 34 interception warrants for Vodafone's network in 2013. Subsequent media work forced Telecom to admit it had handled about 40 interceptions over the same period. However, this is well short even of the 104 interception warrants declared by police in their annual report [p. 109], let alone SIS and GCSB warrants. And it does not include any information on production orders for access to metadata or TXTs. The latter is potentially a widely-used intrusion (so wide that its used to track sleeping drivers), but not even the police count them. Which suggests that our telcos and ISPs certainly should.