This thread is for formulating and discussing proposals for PPNZ's official policy on privacy from electronic surveillance. Proposals and ideas will be collated on the wiki page Policy Committee Proposals on Privacy from Electronic Surveillance (linked)

If you would also like to discuss this topic on IRC, please raise this in the thread, and the Policy Committee will try to arrange a meeting time. To help us select an appropriate time, please ensure you update your preferences in the poll Board index > General > Polls > What time of the week should PPNZ have IRC meetings? (linked)

The process will be as follows:

• Members have the opportunity to put forward and discuss proposals
• Proposals are collated, and a last call is made for member input--see here (linked)
• Voting instructions are posted, and voting is open for at least 5 days--see here (linked)
• Results of the vote are posted--see here (linked)

This post is relevant (including a mention of automatic number plate recognition):
This is a good presentation on privacy (linked)

As a starting point, perhaps as technology evolves, our government, and governments in general, should attempt to keep the effects of the new technology "privacy-neutral"

For example, in the case of numberplate recognition cameras mentioned by Thomas Beagle the government should recognise that data collection and data matching between cameras is analogous to GPS tracking which requires a warrant and under the 'privacy-neutral' principle, as quickly as possible put in place laws so that data matching of numberplate cameras also requires a warrant.

Strangely enough, I was approached at work today by an agent of the GCSB to join them, and she was most insistent that my skills are required there. I practically did all but mention that I know she is an agent, as her son has mentioned to me, and even though I mentioned a few reasons why I'll never work for the GCSB, she still didn't understand why I don't want to work at a place with bad pay, no official credit for work, no sharing of research and extreme social restrictions associated with the security clearance.

It's bad enough the secret service intercept everything I do online, without being hassled in my workplace by an agent of the secret service.
I will be making a complaint tonight, this is unreasonable for one of their agents to hassle me about signing up to become part of the problem with surveillance.

Kiwipeso.

I'm going to play devil's advocate here.

If someone were to attach a GPS device to my car without my knowledge or permission they would be tampering with my property, and I would also oppose a law that required GPS devices on vehicles. If I oppose this, then I think this gives me a basis for opposing the collection, storage, and transmission of data from it. I've never objected to having a number plate though, which is a unique identifier publicly displayed in black and white (literally). If I don't object to having a publicly visible unique identifier on my car, can I still make a case that some use of this information violates my privacy? Would I perhaps have to claim that I've only agreed to having a number plate on my car on the understanding that this information only be used in certain ways? We do have expectations that information we supply to the government be used in limited ways, but can this also apply to publicly displayed information?

What are the moral and legal implications of sousveillance (e.g. the public tracking the police) or members of the public monitoring other members of the public, and how does this relate? If certain use of number plate information by police is considered breach of privacy, then should it be illegal for any people, organisations, or business (not just government ones) to use this information in certain ways, and what exactly are those ways? I've told my son not to photograph other people without their permission--I think it's rude if nothing else--but do people actually have a moral or legal right to prevent this? Do we hold the government to a higher standard here? Perhaps the basis for objection is that the government ought only act in the public interest and in accordance with the public's wishes, and use of this data is not in the public interest, or in accordance with the public's wishes?

[EDIT: Perhaps a general rule might be that the police should require a warrant to do anything that it's not legal for a member of the public to do?]

Another thought: There have previously been suggestions of including some form of 'direct democracy' in Pirate Party policy. As I've written in another thread, I'm not in favour of the use of referenda to set legislation in all cases (linked), and AFAIK other methods of crowd-sourcing decision making aren't up to the task yet (hopefully one day, but not today). That said, I think the area of what the Government should be allowed to do when people's privacy is an issue is probably well suited to veto by referenda.

So as another suggestion for a general principle: The Government should not begin collecting data about citizens (unless they can opt out?) without having it approved by referenda first.

This is a very rough attempt at a summary of privacy policies from other pirate parties.

Government surveillance limits

• Government surveilance requires good grounds / warrant: 9 (Belgium, Bulgaria, Canada, Czech, Denmark, Luxembourg, Portugal, Russia, UK)
• Government surveillance limited: 2 (Brazil, Switzerland)
• Government surveillance trogans limited: 3 (Austria, Germany, Switzerland)
• Government data sharing limited: 3 (France, Germany, Luxembourg)
• DNA records limited: 3 (Kazakhstan, Luxembourg, Switzerland)
• Government public (video) surveillance limited: 2 (France, Switzerland)
• Government public (video) surveillance notices required: 1 (Czech)

Government privacy pro-active measures

• Government privacy watchdog: 2 (Austria, Belgium)
• Government surveilance disclosure required: 2 (Australia, Belgium)
• Government to make people's records available to them: 1 (Luxembourg)

General/non-government

• Privacy applies equally to all forms of communication: 9 (Bulgaria, Canada, Denmark, Finland, Italy, Luxembourg, Portugal, Sweden, Switzerland, also Uppsala Declaration)
• Data retention directive repealed: 3 (Austria, Czech, Portugal)
• Non-government surveillance forbidden: 2 (Belgium, Kazakhstan)
• Non-government data collection notification required: 2 (Belgium, UK)
• Employer surveillance limited: 3 (Bulgaria, Canada, Denmark)
• CCTV use limited: 2 (Kazakhstan, Switzerland)

Cryptography

• Cyrptography explicitly permitted: 3 (Italy, Kazakhstan, Russia)
• Cryptography encouraged: 2 (Denmark, UK)

Enforcement

• Compensation for privacy breach: 2 (Kazakhstan, UK)

A good comparison.

The government and many private companies collect information from us, but are bound by the privacy act in what they may use it for and who they may share it with. When it comes to things like number plates that information is shared with everybody, but perhaps we need to restrict 'everybody' by law.

There are legitimate times when one might need to record or look up a number plate such as looking for stolen vehicles (police) or enforcing private parking restrictions (businesses), and even ANPR might be acceptable for these purposes, but we might want to put some restrictions on how long those records can be kept, how much they can be compared with other similar information where the effect becomes 'surveillance', and who they can be shared with.

And those restrictions should apply to private individuals and businesses just as much as the police. Not more. Not less.

Now, how do we develop this into a more general policy?

Thinking about this, I'm not sure. At what point do we have a right to search for and forcibly remove information about us that we suspect is held by a nosey neighbour? (Especially if they're not suspected of actually trespassing and planting bugs or anything, but only collecting publicly available information.) We have a right to decide what the Government should and shouldn't do because they're working on our behalf, and I'm okay with democratically agreed restrictions on commercial activity to an extent, but I'm less keen on restricting personal non-commercial activities in general.

Protecting privacy is undoubtedly a good cause, but even when pursuing a good cause, we need to be mindful that we don't end up using questionable means to do it. I think the DIA's attempt to address child pornography is instructive here, because child pornography is, IMHO, essentially an extreme kind of invasion of privacy. The DIA has ended up invading people's privacy (by snooping on Internet connections) in an attempt to address child pornography, so, IMHO they're essentially invading privacy in an attempt to protect privacy.

It may be worthwhile looking into anything that can be done to reduce the unnecessary disclosure of private information in the first place, because otherwise I think we may end up essentially trying to belatedly close the proverbial stable door. Simply outlawing an easy invasion of privacy may sound good in theory, but for this to work, either those who would invade our privacy must voluntarily decide to obey the law (and we already know this is not going to happen), or we must perpetually monitor and control their activities to ensure they do (which may require international government cooperation in monitoring and controlling people that itself invades people's privacy).

No doubt there are many cases where prevention isn't possible, but I think that because new privacy issues have only recently begun to come about with modern technology, there's a considerable amount that people could be doing to protect their privacy, but generally aren't, like all this kind of stuff: Encrypt all the things! (linked).

For a start, if we got Government-run organisations supporting security measures like DNSSEC and PGP/GPG signing/encrypting e-mail for communication with the public (anything else?), then perhaps we could help get past the chicken/egg problem with potentially beneficial privacy measures, and kick-start broader adoption (which would eventually help to protect citizens from their governments).

It goes both ways. I shouldn't systematically observe my neighbour either and if they're watching me but they don't do anything with that information and I don't notice, am I really harmed?

At the moment most individuals won't have access to ANPR cameras but we already have tiny keychain cameras, night-vision IR cameras, home-built UAVs, tiny cameras and GPS in every phone. And we already have a few laws about filming people where there is a 'reasonable expectation of privacy' even when they're in public places, or putting tracking and other spy software on other people's phones or computers remotely.

I can see already this is going to be a very controversial area. People have very different ideas of how much privacy is reasonable.