Police warned over shifting information to cloud
Police have been warned that shifting their information to the cloud could have "severe detrimental impacts" if they are not careful.
The shift to Microsoft cloud services has started in Wellington.
But a privacy impact assessment says if staff accidentally let someone into the data, the consequences could be "death of individuals, extensive injury and hospitalisation".
It lists ways to make it safer.
The tech upgrade changes how vast amounts of restricted, sensitive information is handled, from on-site at police stations using 2013 Microsoft technology, to off-site at Microsoft's 'cloud' of computer servers.
The data can identify individuals.
"Should this become compromised, there could be severe detrimental impacts on the wellness and safety of individuals, as well as the reputation of the NZ police 'brand' and erosion of trust from the public and government," said the May 2022 assessment, newly released to RNZ under the Official Information Act.
"The information that will be stored, processed and transmitted by the service has been classified as up to RESTRICTED, and will include sensitive and personal information. Compromise of information classified RESTRICTED would likely impact NZ police's reputation and operation."
It detailed several risks arising from the upgrade against each of the 12 Privacy Act principles - one severe 'red' one, and several 'orange'. It also listed 31 measures police should take.
"This assessment identified that the proposed use of Office 365 service exposes NZ police to a Very High level of privacy risk. It identifies a total of 12 privacy risks for NZ police through the expected use of the service, one of which was rated as Very High and eight which are rated as High," it said.
"If the privacy risks highlighted in this report are not managed to an appropriate level, NZ police is exposed to privacy threats that may result in Very High health & safety impacts and reputational damage."
But if the controls were taken, then the upgrade would be "within its risk appetite".
It is not clear how many of these measures police were now instituting at the trial stage of the upgrade. "The technical delivery of this work has been relatively smooth, with the products and processes working well," NZ police said.
The assessment report listed a dozen different laws police and Microsoft must comply with.
It noted Microsoft and Spark will run the new system for police, and that this was another point of risk.
One risk was that a foreign government or law enforcement agency could ask Microsoft for New Zealand police data. The US has a Cloud Act that allows for this to happen, though it is not known if the power has been exercised as it does not have to declare it.
The cloud upgrade has been on the cards for years but police have hit roadblocks on the tech front, including from last year's public sector funding cuts, RNZ has reported.
The cloud privacy assessment was started in 2019, but a trial only began in September in Wellington.
Just five out of 32 workgroups in Wellington district have gone live so far.
"The initiative is continuing to fine-tune the framework," police said in the OIA response last week.
A 2022 security risk assessment of the move said Microsoft and its cloud data-centres had an "extensive security toolset" and "layers of defence-in-depth".
The cloud upgrade is part of moves to try to relieve what reports have called "unsustainable" pressure on frontline officers as well as to conform to Privacy Commissioner orders to stop the police illegally taking and storing photos of young people. They amassed tens of thousands illegally up till 2020, as RNZ exposed.
It is in line with successive governments' push for all agencies to shift to cloud services, which has proved a boon for Microsoft, Amazon and Google, and an incentive for the former two US tech giants to build new data-centres in this country.
A second police tech upgrade - to digital notebooks from paper notebooks at the front line in 2023 - aimed to add photo handling features this year.
An assessment of this, also released under the OIA, also found a "high" risk, but that this was more easily managed. It laid out 41 measures to take.
Police did not formally consult the Privacy Commissioner about either the Digital Notebooks and Microsoft moves, though privacy and security risk assessments were run on both, they told RNZ in the OIA.
They have had no reports done on how the seven-month-old Wellington pilot was going, but would at the end, they said.
The cloud work was being done largely in-house, with just one contractor hired for $288,000.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
23 minutes ago
- Techday NZ
Spark launches kid-focused mobile plan with parental controls
Spark has introduced a mobile plan designed specifically for children, featuring parental controls and online resources to support families managing digital technology use at home. A national survey conducted by Spark indicated that 36% of New Zealand parents feel overwhelmed when it comes to managing technology within the household. The research suggests that issues such as disagreements over device use, uncertainty about technology, and the frequent resort to banning devices altogether are common challenges for families. The Spark Kids Plan responds to these concerns by offering a range of protections. The plan restricts promotional and marketing communications from Spark, blocks the purchase of additional extras or use of premium short code texts, and imposes incremental data limits. Parents are given oversight and management capabilities, including the option to allocate an additional 1GB of data to their child's plan if required. The offering is compatible with any mobile device, including basic mobile phones. In conjunction with the plan, Spark has launched a new online Parent Hub, developed in partnership with Parenting Place. The hub offers resources such as conversation guides, expert advice, and practical tools intended to help families navigate digital life collectively. The collaboration includes an introductory offer where the first 500 customers signing up to the Kids Plan receive complimentary access to Parenting Place's 'Digital Parenting: Raising kids in an online world' course, which is normally priced at NZD $80, with a continued discount for Spark customers thereafter. Parental insights Spark's research, which canvassed the views of more than 500 parents across New Zealand, found that the struggle to manage household technology is widespread. The survey revealed that 18% of parents experience conflicts or disputes related to device use, 11% feel unable to keep up with the technological landscape, and 6% have implemented outright bans on technology to avoid disputes. Among those not struggling, 86% still expressed a desire for kid-friendly mobile accounts with parental controls and no marketing messages. Spark's Corporate Relations and Sustainability Director, Leela Ashford, commented on the findings and the company's approach to addressing them: "We've listened to parents across Aotearoa who told us that staying connected with their kids is important, but so is setting safe boundaries. Many felt they were flying blind when it came to kids and tech. "While there are parental controls available at a mobile device level, there's currently no mobile plan in New Zealand designed specifically for younger people. We saw this gap and knew we could and should fill it. Spark's Kids Plan treats kids as kids and is designed to help families introduce mobile phones in a way that provides the benefits of connectivity – like staying in touch when kids are away from the house – without opening the online floodgates all at once. It's not a silver bullet, but another tool in the toolbox that empowers parents to make the best choices for their kids." Resource availability Research conducted by Census At School shows that at least 60% of New Zealand 11-year-olds own a phone, but until now, telecommunications providers have not tailored mobile plans specifically for children. The new offer allows parents to manage the mobile account under their own name, with children having access through devices of their choice and within set boundaries. The Parent Hub, developed in partnership with Parenting Place, was launched following a finding that 80% of parents would use digital resources to help their children build digital competence. The hub seeks to provide guidance on issues such as screen time management and readiness for social media use. Child psychologist Dr Emma Woodward commented on the complexity of digital parenting and the potential benefits of structured support: "Digital devices aren't going away, so the key is equipping kids, and their parents, to use them safely and thoughtfully, so that whenever the time is right for the parent to introduce a mobile phone, they're both aware of the risks and benefits. "I've worked with many families where technology causes stress and conflict. A plan like this offers a gentle, structured on-ramp into the digital world, much like training wheels on a bike or a learner's licence for the road." Parenting Place Interim CEO, Nina Field, also stressed the growing challenges parents encounter and the need for tailored support: "We know New Zealand parents want to raise children who thrive in the online world, but navigating technology, particularly at the pace it moves, can feel overwhelming. It's one of the most common concerns we hear from families. That's why we've worked closely alongside other experts in this space to develop a self-guided Digital Parenting course: to equip parents with practical tools and strategies to lead their whānau with confidence when it comes to technology. Our partnership with Spark builds on this, expanding access to trusted, relatable support through their new Parent Hub – meeting families where they're at. "Spark's new Kids Plan offers families a thoughtful way to introduce mobile phones with clear boundaries. It's a timely, practical solution that empowers parents to make choices that fit their family's values and needs". The Spark Kids Plan is available for NZD $20 per month for those on eligible pay monthly mobile plans. Follow us on: Share on:
Otago Daily Times
3 days ago
- Otago Daily Times
'Out of date' machinery laws under review
By Phil Pennington of RNZ A timber worker is having to relearn how to play the guitar and trumpet - and how to write - after losing two fingers in a machine without a guard. His passion, music, is now bittersweet, he says. A 37-year-old man is dead; seven months into a packing job, asphyxiated after he fell onto a fast-moving conveyor belt. The belt lacked a guard. Graham McKean of the Maritime Union counselled the man's workmates at the factory just days later. "They were distraught," he said. "It was horrific, I just, the feeling in the air, the hair on the back of my neck, the chill that ran down my spine. "Simply because the proper guard had not been put in place." Then there is Ethyn McTier, dead at 23, crushed in an unguarded conveyor belt. These are cases brought to public attention in recent months, where machinery safety failings were only penalised or fixed after the fact. An engineer who gives expert evidence in courts and to inquests after workers are killed or hurt is angry. "Expert witness work mostly makes me angry," Dr Joe Bain said. "Because time after time, after time, we wind up writing reports that highlight that somebody's been seriously injured, if not killed, by a known problem, where there is an existing solution ... that simply hasn't been applied." In eight years giving such testimony, he has yet to come across a tragedy that could not have been averted. It's mostly not malice, he said, but businesses not knowing what "good looks like". But could it be that now a solution to New Zealand's poor and dangerous record with machinery is in sight? The government thinks so. Workplace Safety Minister Brooke van Velden has launched a quickfire consultation with factories aiming to simplify rules around keeping machines safe - to make what "good" looks like clear. "The Health and Safety in Employment 1995 Regulations for machine guarding are out-of-date, incomplete and very prescriptive, requiring very specific protection for woodworking and abrasive grinding machinery," she said in a statement on Thursday. "The review will consult on simplifying these out-of-date rules" and guidance, she said. Make that a "major" rewrite, said the Employers and Manufacturers Association. The EMA joined with ACC last year to come up with a harm reduction plan. "No funding was provided for the implementation of this plan," said ACC, which instead has been seeking companies with good ideas about what to do. ACC, like Worksafe, faces financial strictures limiting or cutting its programmes. That could be financially wrong-footed, when manufacturing injuries are costing ACC $165 million a year and mounting. Business Canterbury's Leeann Watson senses a breakthrough after years of frustration - she and the EMA are among those puzzling over why work on machine safety started then stopped - buoyed by van Velden fronting 100 of her members last year, an unusual move by a minister she believes. "There is no business that I know of that is not wanting to keep their people safe," Watson said. "They just want good clarity and good consistency." Yet the 1995 regulations to be simplified say very little about machine guards; by contrast, the guidance and existing standards amount to over 1000 pages. Yet it leaves out "the useful bit", Bain said. What is that? Simple European standards, complete with pictures, called Type Cs, that show how to keep most of the most commonly used machines safe - "all the work has been done". Bain (who declared his involvement with the Labour Party) told van Velden about Type Cs at her roadshow on overall work safety reform in Napier last year. "I've told her. "Anybody who knows me is sick of hearing me talk about Type C standards" - he wrote about them in Safeguard magazine in January - "Pretty much, they nod their heads and go, 'Yeah, that makes sense'. "Whether it's come through as clearly from other contributors to the roadshows, I don't know." As it turns out, not so much. An initial summary of roadshow submissions alluded to it. But a summary out on Wednesday of all the submissions - including written ones covering over a thousand people - left it out. This later summary only mentions machinery and guards once. It is, in fact, seven pages shorter than the 46-page summary that covers only the roadshow. Mike Cosman is nervous at what the minister is saying. "Yesterday it was scaffolding. Today it's guarding and the messaging seems to be the same, which is lowering standards, which means making it cheaper." The consultant, a veteran of previous government workplace safety reviews, helped submit to the roadshow on behalf of a thousand members of the Institute of Safety Management. "The approach that we take is already risk based. It's all based on the concept of doing what's reasonably practicable in the circumstances. "And anything that undermines that fundamental approach, which has been around now for 50 years, I think is dangerous." At the same time, he acknowledged the way the rules should be implemented needed to be clearer. The Maritime Union's Graham McKean voiced similar worries. Bain was clear on the problem and the solution. "Generally speaking, that's not as a result of malice," he said of harm to workers, "it's as a result of businesses not having enough information made available to them. Not having a clear idea of what good looks like." Import Type Cs tomorrow and give them to businesses for free, was his message to the government. There is no sign of that happening. "There are many standards referenced across the health and safety at work regulations; it is not standard practice for government to pay for accessing these," van Velden said.
NZ Herald
3 days ago
- NZ Herald
Tech firms say deals for power give new life to nuclear plants at risk of going offline
Meta signed a 20-year agreement for the power flowing from a large legacy reactor in Illinois. Microsoft struck a deal to restart a reactor next to the one at Pennsylvania's Three Mile Island plant that was closed in 1979 by a partial meltdown. And Amazon last month in the same state locked up power from a 42-year-old nuclear plant down the Susquehanna River. Tech companies are scouring the nation for other geriatric nuclear plants to power their AI dreams, according to interviews with nuclear industry officials and company earnings calls. Their interest is focused on the roughly two dozen operating plants in unregulated markets, which are in many cases free to sell power to the highest bidder. They make up about half of the 54 plants still operating in the US. The tech firms say the deals give new life to plants at risk of going offline or that have already been shut down. Contracts that lock in rates for decades are attractive to plant operators, and the electricity flows without directly generating new carbon emissions. Critics say Silicon Valley's nuclear spree will make it more likely that consumers will face electricity rate hikes or shortages in coming years as the US faces soaring demand for power - driven in part by new data centres. By locking up ageing nuclear plants instead of building new power generation, tech firms could leave communities to fall back on fossil fuels, extending the life of polluting coal and gas plants. A few years ago, nuclear energy struggled to compete with cheaper renewables and natural gas, but all power sources are now in greater demand. Contracts with tech firms can offer nuclear plant operators as much as double the market rate for electricity. Jackson Morris, a director with the environmental advocacy group Natural Resources Defence Council, said tapping nuclear energy allows companies to keep pledges to use carbon-free power, but 'doesn't do anything to solve for the impact they're having on consumers'. 'They're insulating themselves from their own impact,' he said. Amazon, Google, Meta, and Microsoft declined to answer questions about which additional nuclear plants they may be seeking to buy power from, as well as the potential impacts of such purchases on other ratepayers and the environment. Amazon founder Jeff Bezos owns the Washington Post. All of the companies say they mitigate the impact of their energy use on other customers, by working with utilities to shield customers from funding infrastructure that serves only data centres and investing in bringing new clean technologies to the power grid. Tech firms say their data centres will eventually be powered by a new generation of cheaper but more sophisticated nuclear reactors, to be designed with help from AI. However, the technology has been stymied by engineering issues, supply chain challenges and regulatory hurdles. Google and Microsoft are also investing in fusion energy, which is even less proven. Controls, monitors and indicator lights fill the main control room at Three Mile Island last year. Photo / Wesley Lapointe, The Washington Post 'It turns out it is hard to go from all of that fancy new technology on a spreadsheet to an actual piece of infrastructure that isn't run with analogue controls,' said Ted Nordhaus, co-founder of the Breakthrough Institute, a California-based energy think-tank. 'Right now there is not much else to do other than try to squeeze every electron you can out of the existing nuclear fleet.' Chain reaction Energy companies that own nuclear plants are thrilled by the tech industry's recent interest, calling it a springboard for nuclear power's resurgence. New Jersey power company PSEG told investors in February that it is in talks with tech firms about selling large amounts of power directly from its nuclear reactors on what is known as the Artificial Island complex in Delaware Bay. Company chief executive Ralph LaRossa said in April that requests for new power from the utility by data centres has exploded over the past year, jumping 16-fold to 6.4 gigawatts, an amount of electricity that could power several million homes. In Texas, energy company Vistra says it is in talks with tech firms interested in buying energy from the Comanche Peak nuclear plant, near Fort Worth, and possibly others it owns in Ohio and Pennsylvania. 'I think we will see more large deals,' said Dan Eggers, executive vice-president at Constellation Energy, which owns or partially owns 13 nuclear energy complexes across the country. Constellation has already rezoned land next to the Byron Clean Energy Centre, a nuclear plant in Illinois, so tech companies can build data centres there. It is seeking similar changes at the campus of the Calvert Cliffs nuclear plant in Maryland on Chesapeake Bay. The company says it is also contemplating new deals with tech companies for long-term nuclear power contracts in Pennsylvania and New York. Lawmakers and regulators in some communities are concerned data centre nuclear deals could increase costs for other ratepayers and weaken the power grid. Some Maryland lawmakers want to ban Constellation from inviting data centre construction alongside Calvert Cliffs, which produces nearly 40% of the state's electricity. A report from the state's Public Service Commission warns that siphoning energy from the plant away from the power grid for data centres could destabilise the system. The Calvert Cliffs nuclear power plant in Lusby, Maryland, is seen in 2011. Photo / Jonathan Newton, The Washington Post 'In addition to being costly to replace a large nuclear plant, the quality of the generation … would be difficult to replace,' the report says. Unlike solar or wind facilities, nuclear power provides round-the-clock electricity when the plants are operating, in any weather. In many cases, nuclear power that gets redirected to tech companies would be backfilled on the power grid with gas or coal generation. Nuclear industry officials say the solution is not restricting deals, but building more plants. 'It is short sighted to say we will just ignore all this demand over the next few years and tell these companies to get their power somewhere else, when this could set us up for a lot of growth in the industry,' said Benton Arnett, senior director of markets and policy at the Nuclear Energy Institute, an industry group. But even nuclear executives working with tech firms acknowledge that pulling zero emissions nuclear energy away from other customers will have an impact on the climate and can be out of sync with ambitious commitments tech firms have made to reduce their carbon footprint. 'A growing list of people are realising they can't have everything they want,' said Robert Coward, principal officer at MPR Associates, one of the nuclear industry's leading technical services firms. Critical mass The scramble by tech firms to secure more nuclear energy quickly has led Silicon Valley companies to some unexpected places. They include a dormant construction site in South Carolina, where plans to build a Three Mile Island-size nuclear plant were abandoned in 2017, after the developer burned through US$9 billion on a project that struggled with cost overruns and engineering setbacks. Local ratepayers were saddled with the bill. Federal prosecutors in 2020 secured prison sentences for executives involved with the project for lying to investors and ratepayers about its viability. Now, several big tech companies are among those that have expressed interest in bringing the VC Summer nuclear project back to life, according to testimony from officials at utility Santee Cooper, after it invited proposals for restarting the project. A utility spokesperson would not say if there are tech companies among the three or four proposals she said are finalists for a potential deal. Tech firms are also eyeing a revival of Duane Arnold Energy Centre in Iowa, a 1970s vintage nuclear plant majority-owned by NextEra that was mothballed in 2020 after a fierce storm damaged its cooling towers, according to company earnings calls. The repairs were initially deemed too costly, but data centres have shifted the economics of nuclear energy, and NextEra is mulling a reboot to serve the facilities. 'If we continue to see the kind of prices Microsoft is willing to pay for nuclear power from Three Mile Island, these type of deals become a solid economic proposition,' said Carly Davenport, a utilities analyst at Goldman Sachs. She said estimates show the tech company is paying as much as twice the going rate on the open market, and locking in for a 20-year contract. Duane Arnold is one of the last retired plants intact enough to restart. Many of the retired plants in the US have already been dismantled. But tech companies are finding ways to squeeze more juice out of active reactors in the ageing national fleet, pursuing reactor 'uprates' from federal regulators that allow increased output. Nuclear power companies aim to increase the power output of the existing US nuclear fleet by the equivalent of three large new reactors using that tactic. As more deals involving ageing reactors emerge, consumer advocates and environmental groups are growing concerned about the impact on everyday ratepayers and the planet. Amazon reconfigured its deal in Pennsylvania after it was rejected by federal regulators that expressed concern about the effects on consumer electricity bills. The company had proposed routing power from the plant directly to nearby data centres, allowing it to avoid paying usage fees for the electric grid. A caution sign warns of radioactive exposure on the turbine deck at Three Mile Island, which is being renamed Crane Clean Energy Centre. Photo / Wesley Lapointe, The Washington Post The online retailer last month announced a deal with plant owner Talen in which it agreed to pay grid fees, a contract that will effectively lock up a large chunk of existing power generation at a time the Mid-Atlantic power grid desperately needs more energy. The deal is notable because it puts an existing nuclear plant on sound economic footing for another decade of emissions-free power generation, said former federal energy commissioner Allison Clements. However, Amazon is also removing supply from the grid just as demand from AI and other uses such as electric cars and air conditioners is spiking. 'There isn't enough power on the grid,' Clements said, and the increased load forecast by analysts, utilities and grid operators cannot be met by existing power sources. 'There's not enough room on the system.'
