InternetNZ’s submission to the Privacy Commissioner on the draft Telecommunications Privacy Code will focus on its reservations about telecomms user anonymity and the destruction of traffic records.
These two points — concerning Rule 1(2) and Rule 9 of the proposed code — were highlighted publicly last week by the Internet Safety Group and Children’s Agenda, a group led by former Commissioner for Children Ian Hassall, as possibly handicapping investigations into criminal offences by removing possible evidence.
Rule one says: “Whenever it is lawful and practicable, individuals must have the option of not identifying themselves when dealing with a telecommunications agency.” Rule 9 suggests customer information not required for billing purposes be erased after the telecommunication is completed, traffic information for no longer than six months from its generation.
ISG spokeswoman Liz Butterfield says the code was brought to her attention by an address from InternetNZ vice-president Rick Shera at last month’s internet symposium in Auckland.
Besides the primary concern of the two organisations to assist the detection of crimes ranging from fraud to trade in objectionable material and child abuse, Shera is concerned that with the deadline for submissions on the privacy code set at March 22 and the Law Commission scheduled to report on the Privacy Act next month, internet service providers might decide on policies they will then have to reverse.
“If the Privacy Commissioner decides on a set of principles, ISPs react and the Law Commission later says ‘we’ve gone too far down the track’, then [the provisions the ISPs have made] will be almost impossible to rewind,” Shera says.
It therefore makes sense to delay the final consideration of the code until after the Law Commission report, he says.
Although deliberation on the code has been going on since 1977, and submissions were originally intended to close in August 2001 (see Computerworld, August 20, 2001), a large number of people are still unaware of the code’s existence and should have the opportunity to comment, Shera says.
InternetNZ, formerly the Internet Society (ISOCNZ), only began giving the proposed code close attention at the end of last year, he says, and began writing its submission in February. It is still a draft.
The anonymity provision was lifted directly from an Australian privacy code. Despite having spoken with the Privacy Commissioner’s staff, says Butterfield, it is still not clear what kind of anonymity is being requested — anonymity of dealings between customer and telco/ISP or anonymity of the customer’s dealings with third parties using the ISP’s services. The latter would be more pertinent where evidence of crime is involved. The former, an unattributable source says, would protect the customer if he wanted to register a formal but anonymous complaint about the ISPs or telco’s services.
Perhaps what is intended, Shera suggests, is a scheme whereby a customer can operate on a day-to-day basis without being identified, but if there is any cause for suspicion of a crime, there will still be a common key to attach that individual’s real identity to his/her past telephone or internet traffic. This is more accurately called pseudonymity, he says.
In any case, Butterfield and Shera agree, wider discussion of the code is needed. This, Butterfield says, is the only reason she raised the topic publicly. She did not intend to start a scare that online criminals may be about to escape the law.
The proposed code can be seen here.