Chapter 17
Search and surveillance requests

International obligations

17.44MACMA should give effect to New Zealand’s existing international obligations to provide assistance. The leading international instrument in relation to this type of assistance is the Budapest Convention.792 The Budapest Convention is a multilateral treaty adopted by the Council of Europe in 2001. It serves both as a guideline for any country developing comprehensive national legislation against cybercrime and as a framework for international cooperation between state parties.

17.45The Convention was based on more than a decade of discussions in the United Nations, the G8, the OECD, and various other European and non-European organisations. As at October 2014, it had been ratified by 43 countries (including Australia, the United Kingdom, and the United States) and signed by an additional 10 (including Canada).

17.46New Zealand is not a signatory to the Convention. However, Part V of the Harare Scheme, of which New Zealand is a member, and the associated Model Legislation were drafted to give effect to the chapter governing international cooperation in the Budapest Convention. Therefore, while New Zealand is not legally bound by the Convention, it has made a non-legally binding commitment to work towards compliance.793
17.47As recently recognised by the Commonwealth Working Group of Experts on Cybercrime,794 there are very good reasons for New Zealand to sign and ratify the Budapest Convention including:

17.48This approach aligns with the extensive work that is being undertaken throughout the public sector at present to address cybercrime and to work towards compliance with the Budapest Convention.

17.49In light of these observations, we consider that the provisions in MACMA should accord with the Budapest Convention wherever that is possible without contravening New Zealand’s domestic search and surveillance regime.

International cooperation under the Budapest Convention

17.50Chapter III of the Convention begins by stating the fundamental principle that state parties shall cooperate with each other:

… to the widest extent possible for the purposes of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence.

17.51After outlining other general principles, the chapter shifts to list specific types of mutual assistance that the state parties are obliged to provide to each other.

Preservation (and limited disclosure) of stored computer data

17.52Under the Convention, one state party may request another to urgently preserve data stored on a computer system in that country’s territory, pending a formal mutual assistance request for search and seizure.795 This is a temporary measure that is primarily directed at preserving data held by telecommunications companies and other service providers that are routine carriers of data.
17.53Preservation under the Convention may be achieved by “order or otherwise” and must last for at least 60 days.796 Notably, the obligation is framed so that a requested country must “take all measures to preserve expeditiously the specified data in accordance with its domestic law”.797
17.54If a preservation request relates to a specific communication and the requested country discovers that other service providers were also involved in the transmission, the Convention creates an additional obligation.798 The requested country must disclose sufficient information about the communication to the requesting country to allow it to identify the other service providers and formulate further preservation requests.

17.55There is currently no general provision in the Search and Surveillance Act allowing for data on a computer system to be preserved, pending the execution of a domestic search warrant or production order. However, it may be that service providers routinely preserve this data for limited periods in their ordinary course of business, and the destruction of data before the Police are able to obtain a search warrant or production order does not seem to have been a problem in domestic cases. In those circumstances, there may be no need for a formal preservation order process or for the service provider to disclose information about other parties to a communication. The relevant data may still be adequately preserved.

17.56Whether this informal preservation process would be sufficient to comply with the Budapest Convention is really a domestic law issue.799

Searches of stored computer data

17.57The Convention provides that one state party may request another to search, seize, and disclose data stored by means of a computer system located within the requested country’s territory and that a response can be expedited.800
17.58New Zealand can already provide this type of assistance to foreign countries. The Search and Surveillance Act explains that the search of a place, vehicle, or thing extends to the search of any computer system or data storage device located there.801 “Computer system” is defined broadly to include computer networks and internet data accessible from the computer, even if a password is required.802 The user may be required to provide passwords. These rules apply equally in a MACMA context.803
17.59Neither the Search and Surveillance Act nor MACMA, however, contain a specific provision enabling the search warrant process to be fast-tracked if there are concerns surrounding loss or modification of stored computer data. At present, a mutual legal assistance request under MACMA must contain advice from the requesting country as to whether urgent compliance is necessary.804 If there is a case for urgency, there is scope for the Attorney-General, the Police, and the courts to respond accordingly, without the need for this to be directed by legislation.805

Interception of traffic (metadata) and content data

17.60Under the Budapest Convention, the requested country must provide real-time collection of traffic and content data to the requesting country in criminal matters.806
17.61Traffic data is the information generated by a computer system about a communication. It may include the communication’s origin, destination, route, time, date, size, duration, and the type of underlying service.807 This type of interception assistance is, in general, governed by the conditions and procedures provided for under the requested country’s domestic law.808 The obligation in the Convention requires:809

Each party shall provide such assistance at least with respect to criminal offences for which real-time collection of traffic data would be available in a similar domestic case.

17.62For law enforcement purposes, New Zealand is only able to collect traffic and content data in “real time” using the surveillance device regime in the Search and Surveillance Act. A slightly slower alternative option in relation to routinely stored traffic and content data would be to obtain a prospective production order.810 This would allow a telecommunications company to disclose the relevant data to the Police, as and when it came into existence. However, New Zealand does not currently provide either of these types of assistance for criminal matters to foreign countries under MACMA.
17.63To fully comply with the interception obligations in the Budapest Convention, New Zealand should amend MACMA to allow its authorities to obtain a surveillance device warrant on behalf of a foreign country. If MACMA was simply extended to include production orders, this might allow for technical compliance.811 Nothing in the Budapest Convention would prevent New Zealand from making these forms of assistance subject to stringent conditions.


Q67 How should powers to intercept data in New Zealand be used in respect of criminal investigations and prosecutions in a foreign country?

The Harare SchemeTop

17.64The Harare Scheme contains two further types of search and surveillance assistance that are not outlined in the Budapest Convention.

Covert electronic surveillance

17.65The Harare Scheme provides assistance for covert electronic surveillance.812 Such surveillance is defined by reference to the use of a device to transmit, record, or otherwise capture audio product, visual images, or information about position or location.813 The definition expressly excludes the use of a device primarily designed for the interception of telecommunications.
17.66A request for covert electronic surveillance must include:814
17.67This form of assistance is a catch-all for surveillance requests that do not relate to the interception of telecommunications data governed by other paragraphs in the Harare Scheme and Budapest Convention.815 Together, the Scheme and the Convention cover the full range of surveillance currently available in New Zealand under the Search and Surveillance Act. Again, the existence of a best-practice obligation to provide covert electronic surveillance suggests that New Zealand’s surveillance device warrant regime should be extended, in principle, to give assistance to foreign countries.


Q68 How should covert electronic surveillance powers in New Zealand be used in respect of criminal investigations and prosecutions in a foreign country?

Subscriber information

17.68Under the Harare Scheme, a request may be made for the provision of subscriber information.816 Subscriber information is any information held by a service provider relating to the name, address, telephone number, email address, Internet Protocol address, or similar identifier associated with a subscriber to any telecommunications service.817 Such a request may be “directly transmitted to an agency or other authority competent to receive such a request under the laws of the requested country”.818
17.69In New Zealand, this information may, on occasion, be publicly available.819 Where it is not, the Attorney-General could provide this form of assistance at present by authorising the Police to obtain subscriber information by executing a search warrant. However, this would be an expensive and time-consuming mechanism for provision of this form of assistance. It would also not be in keeping with the desired emphasis on speed suggested by the reference to direct transmission of such requests.

17.70The reference to speed tends to suggest the possibility of skipping the Attorney-General’s usual gatekeeping function. We do not think that this would be appropriate, unless the information was publicly available. A production order would, however, provide a less intrusive and less expensive way of providing this form of assistance where the information is private.

792Budapest Convention, above n 745.
793Not only is New Zealand a party to the Harare Scheme, it also developed an Action Plan to Fight Cybercrime in 2011 with the Quintet Commonwealth countries (Canada, the United Kingdom, the United States, Australia and New Zealand). The Action Plan concluded that all Quintet countries should take steps to become parties to the Budapest Convention.
794Report of the Commonwealth Working Group on Cybercrime (May 2014) at [2.25] and [2.26].
795Budapest Convention, above n 745, art 29.
796Budapest Convention, above n 745, art 29(1) and (7).
797Budapest Convention, above n 745, art 29(3).
798Budapest Convention, above n 745, art 30.
799The explanatory note in relation to cl 27 of the Commonwealth Model Legislation on Mutual Legal Assistance in Criminal Matters (2014) expressly notes that “this form of assistance can be obtained without the need of a formal request or a legislative basis”. Further, the United Kingdom, which has ratified the Budapest Convention, appears to rely on an informal process outside of its Crime (International Co-operation) Act 2003 to preserve stored computer data on behalf of a foreign country. The Home Office’s most recent Requests for Mutual Legal Assistance in Criminal Matters: Guidelines for Authorities Outside of the United Kingdom, above n 787, at 19 states: “Communications companies in the UK normally retain IP data for between 30 days and 12 months. Billing and communications data (cell site) is held for 6-12 months for pay as you go and up to six years for contract phones. Specialised services such as cell dumps are normally only available for a matter of days. It is possible to request the preservation of telecommunications data via Interpol pending the execution of an MLA request.”
800Budapest Convention, above n 745, art 31.
801Search and Surveillance Act 2012, s 110(h).
802Search and Surveillance Act 2012, ss 3 and 130.
803Mutual Assistance in Criminal Matters Act 1992, s 44(3).
804Mutual Assistance in Criminal Matters Act 1992, s 26(c)(v).
805The issue of whether MACMA should contain a more detailed urgency procedure of general application is discussed in ch 21.
806Budapest Convention, above n 745, arts 33 and 34.
807Budapest Convention, above n 745, art 1(d).
808Budapest Convention, above n 745, arts 33(1) and 34.
809Budapest Convention, above n 745, art 33(2).
810Section 70 of the Search and Surveillance Act 2012 defines “document” in relation to production orders as including: “call associated data and the content of telecommunications in respect of which, at the time an application is made under section 71 for a production order against a network operator, the network operator has storage capability for, and stores in the normal course of its business, that data and content”.
811That is because the Convention only states that the interception of traffic data must be available in relation to the same range of criminal offences as it would be available for domestically, and a production order could be used to collect traffic data shortly after it is created, if not in real time.
812Scheme Relating to Mutual Assistance in Criminal Matters within the Commonwealth including amendments made by Law Ministers in April 1990, November 2002, October 2005 and July 2011 [Harare Scheme] at [26].
813Harare Scheme, above n 812, at [2(3)] and the associated explanatory note.
814Harare Scheme, above n 812, at [26(2)].
815Harare Scheme, above n 812, at [23] and [24]; and Budapest Convention, above n 745, arts 33 and 34.
816Harare Scheme, above n 812, at [27].
817Harare Scheme, above n 812, at [2(3)].
818Harare Scheme, above n 812, at [27(1)].
819For instance, where it is included in a telephone directory or in contact details provided online.