Thursday, July 16, 2015

Watching the state

Back in March, the Herald reported that the police were routinely demanding personal information from New Zealand companies - and receiving it - without any form of warrant or statutory authorisation. Now, the Privacy Commissioner has started tracking these demands:

The number of times agencies such as the Police and Inland Revenue receive personal data from a range of companies is to be revealed.

Companies that hand over the information - often without a warrant or the knowledge of the customer - will now be asked to provide a record of requests to the Office of the Privacy Commissioner, which will publish a record.


Mr Edwards said his office has been working on a pilot transparency reporting project, and had found an initial group of agencies and stakeholders generally supportive.

"This year we intend to trial asking companies to keep a standardised record of requests for information from law enforcement agencies and to report this information to us. We will then publish this information."

But while this is good news, and it will give some idea of who the police's biggest targets are, it seems like a clumsy way to gather this information. Why not go to the source and ask the police? The obvious conclusion is because they have refused to cooperate. Secondly, while its great to have data on these demands for information, its not enough. To point out two examples, police can demand extremely intrusive personal information, such as phone and internet metadata, or even the content of messages themselves, using a production order, while Customs can seize your phone or laptop at the border, snarf its contents, and go through literally every aspect of your life. And neither even bothers to count how often these powers are used, let alone keep statistics on who they target and how often such searches are successful. If the Privacy Commissioner wants to start keeping tabs on state invasions of privacy, tracking the use of these two search powers would be a great start.