Coping with the challenges of the Digital Paradigm and the discourse that it enables has exercised Governments for some time. Following the 2010 case of Police v Slater, where the notorious blogger “Whaleoil” was prosecuted for breaching suppression orders the then Minister of Justice Simon Power requested the Law Commission to undertake a review of what he described as the “wild west” of the Internet.
The Law Commission was tasked with examining the adequacy of regulations around how the Internet interacted with the Justice system. In particular Mr Power observed that bloggers and online publishers were not subject to any form of regulation or professional or ethical standards. He considered it imperative that the law keeps pace with technology and that there was one set of rules for all news media.
The review that was conducted by the Law Commission produced an Issues Paper in December 2011 but its work was interrupted by a request by the then Minister of Justice Judith Collins to expedite recommendations relating to the adequacy of the sanctions and remedies available for harmful digital communications following a series of NZ Herald articles about cyberbullying.
The Commission provided a Ministerial Briefing Paper, Harmful Digital Communications: The Adequacy of the Current Sanctions and Remedies (August 2012) containing recommendations and a proposed Bill. The Harmful Digital Communications Act followed in 2015.
The Law Commission delivered its final report in 2013 - The News Media Meets ‘New Media’: Rights, Responsibilities and Regulation in the Digital Age (NZLC R128, 2013). However, its recommendations were overtaken by events. Online news media publishers set up the Online Media Standards Authority which was subsequently folded into the Press Council which renamed itself the New Zealand Media Council.
The provisions of the Broadcasting Act 1989 and the establishment of the Broadcasting Standards Authority remains, although the BSA issued a new Code in 2022. There were a few changes to the Films Videos and Publications Classification Act the address video streaming and take down orders. And there, as far as regulatory frameworks were concerned, things remained.
In February 2019 the then Minister for Internal Affairs, and Broadcasting, Communications and Digital Media, Kris Faafoi agreed to carry out a comprehensive reform of New Zealand’s media content regulation system. This review was put on hold after the 15 March Christchurch Massacre and the intervention of Covid 19 meant that this project was “reprioritized”. It was revived in February 2021 when a Cabinet briefing initiated a broad review of the content regulatory system which is being managed by the Department for Internal Affairs.
The rationale for this review and the subsequent papers and work that has been done is that the present regulatory system is no longer fit for purpose in the Digital Paradigm. Little or no discussion features in any of the papers to explain why this is so, or in what way the present system is failing. The Law Commission’s work surrounding media regulation that resulted in the 2013 Report does not rate a mention. Certainly the business models of mainstream media are being significantly disrupted, but this does not mean that existing regulatory systems are wanting.
That said the way in which the Harmful Digital Communications Act (HDCA) operates has some shortcomings. The decision of the Government of the day to abandon the idea of a dedicated Communications Tribunal that could swiftly deal with online harms was a mistake. The individualized nature of the complaints system and the exclusion of groups from the ambit of the legislation is also a shortcoming. These can be remedied by amendment.
Interestingly enough in the papers that have emerged from the Department of Internal Affairs very little examination of the role of the HDCA in the overall content regulatory system features at all. In the DIA discussion paper “Safer Online Services and Media Platforms” which examines the options for a new content regulatory system based on industry codes for different types of platform the HDCA barely rates a mention. Yet the Act is a classic example of Internet exceptionalism in that it provides remedies and creates offences specifically for harmful online behaviour.
The HDCA is administered by the Ministry of Justice. Critical to the operation of the HDCA is the role of a statutory body – the Approved Agency. The role of the Agency from the outset has been filled by the well-known NGO Netsafe. Funding for Netsafe’s role as Approved Agency has come from the Ministry of Justice. It also receives funding for its educational activities from the Ministry of Education.
Importantly there is a distance between Netsafe and Government involvement in this area. From the point of view of optics it would be seen as Government interference in moderating communications if Government agencies were directly involved. That could have implications for the freedom of expression guaranteed by the New Zealand Bill of Rights Act 1990. This was recognized some years back when there was a possibility that the DIA might bid for the role of Approved Agency. That initiative was quietly dropped.
That said there is a view that the DIA has a role to play in the online safety space. Six percent of a survey taken suggested that they would report harmful content to the DIA. And as I have suggested the DIA is leading the review into content regulation in the online space.
Whilst the consultation period for the “Safer Online Services” discussion paper was still open there were other moves in the online space that suggest a consolidation of governance functions. That this should have taken place while a public consultation on content regulation was in train is curious to say the least. That it should take place within weeks of a general election could suggest a desire by the Government to set things in place while it still could.
The first inkling that something was going on was the announcement in July that CERT NZ – the Computer Emergency Response Team – would become part of the Government Communications Security Bureau’s (GCSB) National Cyber Security Center. Cabinet papers released on 15 August (and which are not easy to find but are here) under the anodyne title “Digital Service Transformation: Building modern, integrated, and resilient digital public services” explains the proposal in this way
“There is an opportunity to make the Government Communications Security Bureau (GCSB) the lead agency for cyber security by expanding their role to have responsibility for cyber security operations. This will require integration of Computer Emergency Response Team (CERT NZ) into the GCSB. This would also be supported by the recently strengthened mandate for the Government Chief Information Security Officer role held by GCSB [ERS-23-MIN-0016].”
No rationale for this move is advanced in the documentation. No consultation preceded the decision. Concerns were expressed that placing an outward-facing non-intelligence organisation under the umbrella of an intelligence agency could create conflicts of interest and compromise the independence and transparency necessary for effective cybersecurity operations. The transfer will be implemented by 1 October 2023.
A further development that appears in the same paper is the disestablishment of the Digital Executive Board established in 2022 as an interdepartmental executive board under the Public Service Act 2020. The Board aims to provide a dedicated forum for stronger and more enduring coordination and alignment of the Government’s digital programme.
However, despite the efforts of the Board to support cross-agency initiatives in the digital area, its current remit and functions were not considered broad enough to drive and lead a whole of system approach to transform digital public services.
Accordingly the proposal advanced is that the Government’s Digital Strategy will no longer be led by the Board, and will instead be led by a more “informal grouping” of the relevant chief executives. The new remit will be the Department of Internal Affairs (Government Chief Digital Officer and Chief Privacy Officer); the GCSB (Government Chief Information Security Officer); the Public Service Commission (Head of Service), Statistics New Zealand (Government Chief Data Steward) and the Inland Revenue Department (System Lead Service Transformation)
The role of the DIA is important. The servicing department for the grouping will remain as the DIA who, in the words of the papers “will continue to provide light touch secretariat support to the Board, with further support provided by officials from member agencies (e.g. in the form of working groups). The Department of Internal Affairs will also continue to administer the appropriation from which the Board is funded.” Thus the DIA will control both the agenda and the funding.
The final development of note – and of concern – involves Netsafe, the Approved Agency under the HDCA. As I have observed, Netsafe fufils two roles – the Approved Agency for which it is funded through the Ministry of Justice and an educational and civic responsibility role for which it receives funding from the Ministry of Education.
The Cabinet Paper observes, however, that the DIA leads the Government’s work on digital safety and online harm, working with agencies such as the Police to respond to and support those affected by cybercrime which was the role of CERTNZ.
Netsafe is seen as a part of the online safety system. Without any consultation or discussion with either Netsafe or its two funding agencies the Cabinet paper stated
“There is also an opportunity to consolidate and clarify the management of the government’s relationship with NetSafe. To better ensure alignment of the government’s security and social cohesion priorities, and to strengthen our relationship going forward, we propose consolidating NetSafe funding arrangements in the Department of Internal Affairs, consistent with DIA’s role in digital safety and online harm.”
Moving the contractual relationship to the DIA raises questions such as whether there are greater plans afoot to consolidate the online safety regulatory ecosystem within the DIA, whether there are plans to change the role of the Approved Agency or to amend the HDCA, and whether there might be any potential conflicts of interest in DIA’s role in the wider online safety ecosystem.
This change and its potential effects was not signaled in the consultation paper and significant questions therefore arise as to whether this is a genuine open minded consultation or whether certain decisions have been made behind closed doors and on which the New Zealand public and affected parties have no input.
Certainly the three initiatives that I have described suggest a centralization of control over the Government’s digital agenda. What must be of concern is the unilateral way in which these decisions were made. Notwithstanding that there has been a consultation process in place regarding safer online services these significant governance steps were taken in the background with little or no fanfare until there was a fait accompli.
The decisions seem to have been taken unilaterally. Certainly there was no public consultation relating to any of them. The evidence so far allows one to consider whether an inference can be drawn that the DIA – currently the Department in charge of the censorship regime under the Films Videos and Publications Classification Act – wishes to widen its control over digital content that may be less harmful that “objectionable content” under that Act.
There can be no doubt that a Government Digital Strategy requires a lead agency. But one must wonder at the scope of the remit which goes beyond establishing a functioning, robust and resilient infrastructure so that citizens can easily do business with the Government. That scope strays into the area of “online safety” which may encompass a range of concerns from “I’m offended by that content” to “I’ve been defrauded of half a million dollars”. Perhaps the focus should be directed towards unlawful online activity rather than making the environment “safe.”
Inevitably one is drawn to the start of this whole process back in 2019 where what was proposed was a review of regulating content. Content for most Internet users involves what they can acquire via online e-commerce sites, sending messages and photos via any one of a number of platforms or engaging in one of a number of social media sites.
At times the discussions will be robust and even confrontational. But I wonder whether citizens would like the idea of the DIA or the GCSB snooping on their online activity. The implications for democratic rights and freedoms and especially the freedom of expression could be considerable.
Some form of explanation for what is going on should be forthcoming and in making that explanation the official or Department in question should acquaint themselves with the provisions of the Plain Language Act 2022, something which seems to have been lacking in the Cabinet papers.
Thank you for such an excellent summary. I do wonder about the jurisdiction of the HDCA. The Act is set up to protect individuals, not organisations, but if you post something negative about an organisation, and mention an individual in the post, does this trigger a legitimate application under the HDCA, by the individual that works at the organisation you are posting something negative about?