New report on regulation of Encryption highlights need to balance government powers with people's rights
This newly released Law Foundation-funded report identifies principles and values for informing future developments of encryption-related laws in New Zealand. It highlights the need to strike a balance between the competing concerns of human rights and freedoms with those of law enforcement and public order values.
The report, entitled “A Matter of Security, Privacy and Trust: A study of the principles and values of Encryption in New Zealand”, reveals that under the Search and Surveillance Act 2012, law enforcement officers have the power to search and seize encrypted data and computers. This includes the authority to compel users and providers to give up their passwords and access information such as encryption keys. In addition, companies can be required to provide reasonable assistance to allow law enforcement officers to gain access to encrypted data, services and devices. Under the Telecommunications Act 2013, network operators and service providers have a duty to offer reasonable assistance to intercept and collect communications. NZ Customs has the power to demand passwords and order the decryption of smartphones and other electronic devices as part of customs and border searches.
Principal investigator Dr Michael Dizon, says the problem with these powers is that there are no express standards and guidelines with respect to how they are carried out, especially in relation to human rights. Forcing suspects to disclose their passwords may infringe their right against self-incrimination. Requiring a company to create backdoors or vulnerabilities in encryption to allow the police access to a suspect’s data may jeopardise the privacy and security of all its other clients. “There is a potential then for misinterpretation, misapplication and possible misuse of these powers,” Dr Dizon says.
NZ Law Foundation has contributed $59,000 towards this research report through its Information Law and Policy Project
*Encryption is a process of scrambling information to protect it against unauthorised access, alteration or distribution. This technology helps ensure the confidentiality, integrity and authenticity of data and communications. The security and privacy of internet banking, online shopping, cloud services, data storage, secure messaging and many other products and services depend on encryption.