Matthew Taylor

I’ve heard things said about part one of this post: someone said that I will get what’s coming for me when I’m applying for a job and a potential employer comes across the post. I disagree. I regularly consider the potential consequences regarding what I post online and it’s effect on my future. If anything, I would hope a potential employer would know that change does not happen by staying silent, and that freedom of expression creates a better society for everyone. If a potential employer doesn’t see it that way, perhaps that’s a good test as to whether we would be a good fit.

Of course, this person sharing their opinion was a teacher, wouldn’t have read the post, and perhaps feels threatened by the prospect of students having a voice that cannot be contained by the walls and threats of the school.

In any case, there’s not room for all of us to rescue animals for the SPCA.

—

Values (Part Dos)

I think that sticking up for your rights is important. I think that sticking up for yourself is important. I think that if you don’t stand up for your rights, you’re making it easier for them to be taken away altogether. I think that freedom from unreasonable detention is an important right.

—

Security personnel in malls are quite often unfriendly, unnecessarily aggressive and lack people skills. I would like to see statistics for how many tried to apply to be police officers, but for some reason failed.

Eg. At a Westfield Riccarton “talent quest” I was approached by a woman who worked for the mall and was scolded for taking (consensual) photos of people I knew solely because they were in the “backstage area”. For anyone familiar with how they set up their stage, you would know that the backstage area could also be considered “that open to the public, uncovered area in front of Kmart”. Later, possibly related, our group was approached by a security guard and told to not “cause any crap today”.

—

In December 2008, I was part of a separate group of four that were locked in a small room off of the car park at The Palms by security.

The “crime” for the other three people was returning to the mall to watch a movie after being told to leave for the day. The reason for being told to leave? Pushing a wheelchair that was already on an escalator up it and then down, and letting it go briefly on the way down. I was standing at the bottom of the escalator. I was never told to leave for the day, but apparently as I did indeed walk off the premises with one of the others, I had banned myself for the day too and should have known this.

After reentering the mall we were accosted by security at the ticketing counter, who now wanted to trespass us. I’m not saying reentering the mall was the best decision, but we had no intention of causing any trouble and just wanted to watch the movie we came to the mall to watch.

This is perhaps a good time to mention that we were all around 14-years-old.

One friend was physically grabbed on the arm to stop her from leaving. We were herded through to their security HQ, which today appears to be a Community Constable’s office. I resisted entering this office, but when several adults are surrounding you, it’s clear they have no problem getting physical, and your friends are already inside, there is not much choice involved in the matter.

If you are a visual person, here is a quality cellphone photo of where we were:

I am squashed in a corner behind a door that’s being guarded by the woman to the right of the photo. There are not enough seats for the four of us. There’s a table directly in front of us, dividing the room. The older man never leaves. Occasionally others enter, like the man writing out a trespass notice on the desk. The room is tiny, the walls are directly behind me, directly to the right of me, where the paper baskets are, and where the barred window is.

We were given no opportunity to leave, and I am sure we would have been prevented from leaving if we tried to. We were being held against our wills. We were not under citizen arrest, and the police were not on their way.

For some, maybe it seems like we deserved this, or that it doesn’t seem like a big deal.

But I felt, and still feel victimized. I regret not doing more to try to leave at the time.

To begin with, all of us refused to give our personal details. Many scare tactics were used to get us to comply. They threatened to call the police (maybe they did, but were told that the police had better things to do with their time) and all the schools in Christchurch to find out our names (1) schools weren’t open this day 2) even if they were, whoever answered would not be able to place a name to a physical description 3) they wouldn’t have discussed student details anyway).

I protested that I had nothing to do with the escalator and that it wasn’t clear to me that I was banned for the day. I repeatedly requested to view the security camera footage they were reviewing (or said they were reviewing) in the adjacent room, a request which was repeatedly denied.

A man, probably the manager, or person in charge this day came in and took photos of us on his cellphone.

I was taken outside by myself twice. Once to tell me they decided not to trespass me.

Even though I could go, I didn’t want to hang around outside alone, and I didn’t want to leave my friends.

The next time I was taken outside was to try to get me to tell them the names of the others – my response was that their refusal was their business, not mine. Another tactic used to get their names was “we need to see inside your wallets to see if you have stolen anything”.

Eventually, my friends gave up. They said their names, and were coerced into signing the bottom of the trespass notice. (If anyone’s curious, they try to look up your parents up to check the name you give).

And then, they were released.

—

My intention is to shine a light on what happens behind closed doors, sometimes probably with people much younger than we were at the time. The malls know that young people don’t know their rights, and are unlikely to stand up to big, rough, bullying adults, but they don’t care. It’s much more important for them to nab that group of kids pushing a wheelchair on an escalator.

Stand up for what you believe in. Because it matters.

—

Date: Thu, 16 Aug 2012 21:05:11 +1200
Subject: Trespass Procedure
From: Matt Taylor
To: info@ampthepalms.co.nz

Dear The Palms,

Have you changed your procedure, or does this sort of thing still go on?
http://www.matthewtaylor.co.nz/2012/08/16/that-time-i-was-nearly-trespassed-from-a-mall/

Matt

Public Intelligence got a hold of some interesting slides that Microsoft seems to present to law enforcement personnel. Microsoft explains the weaknesses in their privacy/security functions and how law enforcement et al. can leverage them best.

Here are some highlights:

InPrivate

A benefit to law enforcement of InPrivate is that website data for sites added to favorites will be left alone if a box remains ticked.

Not surprisingly, The Tor Project comes up in the presentation (because anyone using Tor must be doing something bad!!), associated with the user name ‘bad guy’.

Common uses of the InPrivate mode include checking e-mail on public computers and “shopping for gifts” on family computers.

In a plea to not lose their law enforcement buddies because of the inclusion of these inconveniencing features, Microsoft says that they’re not alone including private browsing functionality, ie. they were forced to do this because the competition was doing it (good job Firefox and Chrome).

Bitlocker

Microsoft says that it’s not all bad, BitLocker isn’t available to any commoner, it “has a number of ‘Recovery’ scenarios that we can exploit”, and that users are scared of encryption.

“We are the good guys!” Who are the bad guys then? The people using encryption/BitLocker?

Virtual PC Undo Disks

Virtual PC Undo Disks are scary for law enforcement.

Full presentations are here.

Formspring recently reset lots of passwords after some were misplaced/stolen. Their email to users seems a little light on detail and doesn’t elaborate what the security reasons are, or even link to their own blog post about what happened. Sharing is caring, Formspring.

Not with Photoshop (and apparently Paint Shop Pro), or your printer, anyway.

The counterfeit deterrence system

If you try to open an image of specific currencies (and I assume at a specific resolution or higher) in Photoshop, you’ll receive the same error message as above. It’s interesting to note that New Zealand’s money isn’t blocked from being opened. Probably because we’re too busy trying to stop our passports from being counterfeited.

You can test it out using images from Banknotes.com. This one and this one throw up the error for me.

Here is Adobe’s information page on their ‘Counterfeit deterrence system’. What Photoshop is looking for is apparently a Digimarc digital watermark, different from the EURion constellation printers, or at least colour photocopiers look out for.

How to get around it

So what if your counterfeiting plans were going well so far, and now you’re at a standstill because of Adobe? You can use Gimp. It opens banknotes without trouble. So do old versions of Photoshop. And Microsoft Paint.

Why did Adobe think it was a good idea to add this? Counterfeiters will already know that they can use an older version of Photoshop, or use other software to get around this additional ‘feature’ and will be doing that.

All Adobe is doing is pissing off people who are trying to use Photoshop for a legitimate reason.

The Rules For Use website the dialog box directs users to even lists situations where you can reproduce banknotes legally (e.g. at a certain size), but Photoshop blocks opening banknotes full stop.

Why is it included?

Adobe will have had to spend time and money on including this system, with no returns in the form of additional sales. I assume they were pressured to include it, or even paid to include it by the Central Bank Counterfeit Deterrence Group.

BNZ specifies an interesting use for your Eftpos card PIN that’s not permitted in their newest card terms and conditions – using it for the lock code on your phone.

1.5 PIN selection
… Your PIN should not be used for any other purpose including your lock/unlock code for your mobile phone.

In the new card letter they also make an interesting comparison of PINs to electronic signatures. But I think their next sentence shows why this is a potentially confusing example to give:

“When selecting a PIN please remember that this is your electronic signature. You must not keep a written record of your PIN, give your PIN to any other person or select a PIN that can be readily associated with you such as birth dates, addresses, parts of telephone numbers, car registrations, sequential numbers (eg 1234, 9999) or any other easily found personal information.”

Signatures are often written down, given away and are made up of personal information. Perhaps there is a better comparison available?

^{Image credit: Andres Rueda}

I posted a while ago about a security issue with TelstraClear’s webmail. Mainly that I could access an email account through the referring URL gathered through this blog’s statistics.

This made me think about the personal information that I have in my email account.

The library here in Christchurch includes users’ addresses in the header of all emails that they send out automatically (reminders about due books, holds, etc). I gather libraries around the country do this.

This always struck me as strange, because there’s no need to include this information.

An address isn’t the most private information in the world, but if someone broke into my email account, it’s something I wouldn’t like them to have.

So I asked the library about it. Here’s their response:

“Thank you for your recent query as to why postal address details are included in Christchurch City Libraries customer email notifications.

SirsiDynix, the integrated library system provider used by Christchurch City Libraries, have responded that identical address information is shown on both notification options [email and snail mail] because the reports draw on the same User Address information. Their opinion is that modifying the script to suit emailed notices would harm the report’s ability to print the needed addresses for mailed notices.

Unfortunately in-house report customisation is not currently a viable option because of time and financial constraints but we would certainly re-evaluate should there be further customer demand. We are not aware of any likely changes to the SirsiDynix system in the near future.”

No dice.

^{Image credit: Fiona Bradley}

Update 28 September 2012: This post was written before I started working for a bank (who I love dearly), and at least some views expressed in this post have changed since then (eg. case-insensitive passwords (and ASB isn’t the only bank that does this) are irrelevant when users are locked out after three incorrect login attempts–Facebook does something similar to this, accepting the actual password, the password with the first letter capitalized (to account for automatic capitalization on mobile devices), and the password with the case of letters reversed (to account for the caps lock key being on), and that a charge for a bank cheque is not so unreasonable in the context of a lot of bank cheques being for a large amount). Also some bank policies have changed since this post was published (eg. ASB no longer charges $2 for automatic payments added/amended online–progress!) There is, however, no way of getting around ASB’s $0.20 fee for a Netcode over-$500-transfer-authorization if you don’t have a token–it is charged even if you call the 0800 number and ask them to release the payment. Except for a note regarding the previous sentence, this post hasn’t been edited from the original form.

And useful (see: next day bank transfers).

What it said.

I’m with ASB and they are great, however no one is perfect. Here’s some things that I hate about banks in New Zealand. Many of these problems are shared by the entire industry.

Tertiary accounts

Update: Here’s some clarity around ASB’s tertiary accounts.

Or the fact that ASB keeps trying to convert me to one even though I’m not allowed one.

Here’s mailer number one, received the week of my 17th birthday:

And mailer two, from today:

Irrelevant: check. Impersonal: check. You know how to make a guy feel special ASB. (Case in point: I’m not 18 so they couldn’t give me my own credit card even if they really really wanted to).

This is upsetting because I have a feeling tertiary accounts have less fees than youth accounts. At least, it isn’t emphasized that service fees apply to tertiary accounts like it is for youth accounts on ASB’s fee exemption page. Service fees apply for everyone, see comment from ASB below.

Stupid bank fees

ASB isn’t the only bank that charges stupid fees, but here are some examples of theirs:

• $2 to set up or amend an automatic payment or add a person you might want to transfer money to again (like the power company, or mum). Online. On the internet. Changing an entry in a database. By yourself.
• 20 cents for each time you use Netcode, ASB’s text verification service, which you can choose to happen on login. Google, who isn’t even in New Zealand doesn’t charge for this (see below). Probably get charged 20 cents again by your mobile service provider for receiving the text. Some sort of verification is required for some transactions that take you over a $500 daily transfer limit, or if you’re sending money overseas. Alternatively, you can ring their call center to get transactions verified for free11@!! I wonder if the time of the person you speak to on the phone is worth less than 20 cents? See update at top of post–20 cents is charged even if you call the 0800 number.
• Alternatively you can pay $12 a year for a physical Netcode token, which you’d need if you are regularly out of cellphone reception and probably if you travel overseas. RaboDirect provides these for free. BNZ provides the NetGuard card for free.
• 5 cents for each email alert. For the virtual stamp. Or the person who licks it. Or something.
• 20 cents for text alerts and text banking. I think they charge you when they receive a text banking message from you. Plus you probably get charged to send texts to them by your service provider. In contrast, Westpac provides a certain number of text alerts free per month as long as you log in to online banking that month.
• $5 for bank cheques. Plus because you probably have an “electronic” account, and if you’re not a youth/student, a fee of $3 because that’s a manual transaction.

Password policies

“Please note, your password must be eight characters long, and contain at least two letters (a-z) and at least two numbers (0-9). For example, redbus73 and 8cube224 are valid passwords.”

This is ASB’s. I assume other banks are as ridiculous. Would you like a nine character password? YOU CAN’T. MUST BE EIGHT.

Microsoft’s password checker says both of their examples are weak. ASB lets you use both of their examples as real passwords, because security.

@MothershipNZ and @FromAQuasar point out that ASB passwords aren’t case sensitive and also that some symbols aren’t allowed.

Stupid marketing policies

Here’s an entry form I picked up from BNZ’s tent at The Show:

Note the classy clause at the bottom: “By providing your details, you consent to use contacting you about our products, services and promotions, from time to time (including via text message without an unsubscribe facility).”

Once you’re in, they have you.

I guess if you rang them they’d remove you from their text messaging scheme, but really, why not let people unsubscribe via text using common keywords like stop, or unsubscribe?

Visa Debit cards

And their annual fees. $10 a year for having the card. National Bank got half of the memo and isn’t charging the annual fee if you have their Freedom account. But you have to be earning $30k+ a year and pumping it into that account. Anyway, I like the image they’re using in their ads for it (see top image).

Sure, debit cards are great if you are under 18 or don’t trust yourself with a credit card. But really, if you can, you should just get a credit card.

Banks (looking at you Westpac and BNZ) seem to love converting people to these debit cards, even if the person already has a credit card with the bank. I don’t understand. Family members have received Visa Debit cards in the mail from Westpac, even though they have a credit card with Westpac. If you already have a Visa or credit card, why would you want a Visa Debit?

It’s a bit of a have, because people naturally think this is their replacement EFTPOS card and start using it, probably not realizing that once they start using it they’re going to be charged an annual fee. If they’re lucky, maybe the fee will be waived for a year or two!

When you go into BNZ to request an EFTPOS card, the tellers like to order you in a Visa Debit card instead*, because, you know, they know best.

^{*May have happened just once.}

Lack of security

That’s Google’s 2-step verification programme.

There’s a number of ways to use it. I have the Google Authenticator application on a couple of devices (it works without needing an internet connection), I can get a code sent to me by text (for free!!@@) if the application isn’t working, I can use the backup codes if I have to, and I can tell Google that it doesn’t need to ask me for a verification code on the computer I’m using for another 30 days if I trust it.

It works, it’s good, it’s free. And it’s not even protecting my money.

Side note: security has to actually be built-in by design and be compulsory for it to be useful. Kerry Thompson points out that security conscious people probably have limited use for 2-factor authentication systems, because they already take precautions. The people who aren’t security conscious are also the people who don’t think they need 2-factor authentication, they think they’ll be covered by the bank, or won’t use it because of the cost (hi ASB’s 20 cent per text charge).

See also: Google doesn’t have an eight character password policy and Google gives a detailed account of recent account activity (ASB shows the last time I logged in, but I rarely look at it, and out of context it’s kind of useless).

Gimmicky campaigns for savings

Read: ASB’s Save the Change and Westpac’s Impulse Saver iPhone application.

How about encouraging people to set up an automatic payment to a savings account every pay period and sign up for Kiwisaver?

Also, you would think an application that consists of one button would be easy to set up, but Westpac’s Impulse Saver requires you to apply to use it, and makes you wait for a callback from a customer service person.

Phone banking on mobiles

Westpac and BNZ seem to be the only two banks who try to ban calls from mobile phones to their phone banking numbers. It’s trivial to get around this with Westpac, just call their main 0800 number and press one to get to phone banking. On BNZ it seems like that works too, at least after their call center hours.

Visa and MasterCard undermining credit card PINs

Visa and MasterCard aren’t banks, but whatever.

McDonald’s, in association with Visa and MasterCard has the policy of not requiring a PIN or signature (pdf) for credit card transactions under $35.

How they can guarantee security, I’m not sure, because they just took away the only security of a PIN or signature. I’m not sure why Visa and MasterCard don’t make this opt-in or opt-out.

Zero liability can’t apply if you don’t realize there’s a fraudulent charge on your statement, so good luck everyone.

Next day bank transfers

Or please stop relying on a cron job for transfers.

10 years after one-off payments were introduced, they still take up to the next business day to go through to accounts at other banks. I realize this might require some consultation with the People In Charge Of The Money, but can we please get rid of this? Thanks. Also, could we please do transfers on non-business days to accounts at other banks and get rid of the 10pm cut off for not-my-bank transfers?

Excellent.

When you visit this website, like most others, analytics software on this end records some information about you, including what website brought you here.

Someone visited here by following a link from an email which they accessed using Clear/TelstraClear’s webmail (thank you person who shared my blog with someone, hopefully this post isn’t too discouraging against sharing). With other webmail services, this doesn’t seem to be a problem. However with Clear, it is. Or was.

The Clear referring URL let me access the customer’s emails by clicking on the link (until, I assume, the session is logged out, timed out or the customer’s password is changed). I then had the ability to navigate through the entire folder of emails, see the person’s address book and see their recent contacts.

This isn’t limited to my site, but applies to virtually any site visited through TelstraClear’s webmail.

What’s in your emails?

This becomes a very big problem when you think about what someone keeps around in their emails. Google wants to encourage its users to archive everything. Perhaps this post contains a very convincing argument as to why you shouldn’t archive everything, and instead make liberal use of the delete button (or move the emails to your computer).

Here’s some examples of information contained in that email account that would be very useful to someone with bad intentions:

• Unencrypted payslips, with IRD and bank account numbers (Ministry of Education)
• Shipping notifications, with addresses, phone numbers and courier tracking codes (Apple)
• Work emails that have made it into a personal email account
• Information on utilities like address supplied from power company e-bills (Meridian)
• A broadband activation email, containing username and plain text password to webmail and probably internet access (Hi TelstraClear, again)

Response

The Ministry of Education never got back to me (nor did Apple, however the information in a shipping notification wouldn’t cause the end of the world). Meridian did and the information contained in their e-bills isn’t all that private. They said that their customers like the convenience of not having to log in to access their bill and that they consider all feedback on their services.

TelsraClear said that the issue has been fixed, that “this was the first time the issue has been raised” and that they “take security very seriously”.

Not sure if they still send passwords in their broadband activation emails.

Understandably TelstraClear were “not too keen” on this post going ahead as “it might encourage attempts to hack the webmail application” which “might still cause service problems for legitimate users if such an attack was to take place”.

However, maybe a real life example will hit home with people, even if they’re not with TelstraClear.

Because how secure is your personal information?

Update: Christchurch City Libraries responds with why they include addresses in the emails they automatically send out.

^{Image credit: Dev.Arka}

Here is something I don’t get. If it is safe for demolition workers to go through the contents of earthquaked buildings before/while/after they’re demolished, why is it not safe for the occupiers?

“Safes found during demolition – there had been only half a dozen – were either opened under police or security firm supervision, or, if they were attached to concrete, dumped.”

Why is this even necessary? Is it that hard to work out that a safe found in the rubble of building X maybe belongs to someone occupying building X? Could we build on that and guess that someone occupying building X would be able to open the safe themselves, without force, even if it is attached to concrete?

Scarier, is that computers and files containing confidential information, in this case mental health records are 1) being “thrown out” at all and 2) if they are “water-damaged”, which doesn’t fly with me, aren’t being disposed of securely.

“The items she was most concerned about included files and computer hard drives containing personal information. Securities House, a seven-level building in Gloucester St near Latimer Square, was demolished by March Construction and Shilton and Brown in May. It housed at least nine mental health agencies.

Tenants, tipped off about the demolition, managed to stop a truck leaving the site in the rain and divert it to an empty section where the contents were tipped.

Tenants then spent the next two days retrieving files from the rubbish. The files had been in locked metal cabinets which had been emptied.

Office manager Mark Petrie said he had contacted a project manager at the time of the demolition to be told no chance existed for any records or personal effects to be salvaged.

He was told all records were water-damaged and filing cabinets rusted.

A former Shilton and Brown worker who worked on the Securities House demolition told The Press workers were told to throw files, many of which appeared to him to be in good order, in the rubbish.”

Where have some files gone? Who knows.

“Canterbury Muscular Dystrophy Association office manager Eris Le Compte, whose office was on the first floor of Community House, said she had gone to look for the 230 personal medical files she had in her office.”

Hopefully other businesses are doing better, because it’s not just a couple of buildings in the red zone that are housing sensitive information.

CERA feigns ignorance. Clearly some demolition contractors have no idea what they’re doing (or every idea of what they’re doing). If CERA has no knowledge of specific cases of important belongings going missing inside the red zone they’re obviously not doing a very good job.

“A CERA spokeswoman said CERA regularly and actively engaged with contractors who had a clear understanding of their obligations within contracts and the law.

‘We have no knowledge of the specific cases you refer to and we can’t comment on whether any allegations of loss of goods within the CBD Red Zone are attributed to contractors’ staff or some other person,’ the spokeswoman said.”

What’s been going on inside the red zone raises a number of issues businesses need to be planning for. After an event like the Canterbury Earthquake, how effective will locks, safes, and filing cabinets be at protecting valuable and confidential information through demolition and when 930+ people are left roaming in and around your building for a significant period of time?

^{Image credit: Jeremy Keith}

A van was crushed by rubble following the February Canterbury earthquake, containing Israeli tourists. One of them, Ofer Benyamin Mizrahi, was killed instantly. Michal Friedman, Liron Sadeh and Guy Yurdan escaped. It’s been revealed that Israeli involvement after the quake has been investigated by the SIS and the police.

Fact checking

What appears to be the original Southland Times article that broke the investigation seems to have been poorly fact checked and shows a lack of editorial oversight. Shemi Tzur, Israeli’s ambassador in the South Pacific is said to have flown from Australia, where he is based, except a quick Google search shows that he is actually based in Wellington.

The same article talks about a piece of suspected Russian malware named “agent.btz” and says that “attempts to remove the malware have so far been unsuccessful”, which gives the impression that the computers of the United States Military are still infected. The next part of the sentence states that “new, more potent variations of agent.btz are still appearing”, so what is probably meant is that attempts to eliminate the malware out of existence have been unsuccessful, which isn’t surprising considering the nature of malware and software in general.

Red flags

9000 passports!

The Southland Times article says that Ofer Mizrahi “was reportedly found to be carrying at least five passports.” John Key said “according to his information, Mizrahi was found with only one passport”, of European origin.

The group of three that left Christchurch gave Israeli representatives his Israeli passport. So that makes at least two passports.

Shemi Tzur says that he was handed Ofer’s effects and they contained “more than one passport.” Does that makes at least three passports or does this include the Israeli passport handed off at the airport?

He says it’s common for Israelis to have dual citizenship because Israeli passports aren’t welcome in some countries, which is understandable. However that doesn’t explain why Ofer was traveling with both/multiple passports—I am an expert thanks to watching Border Security on TV and conclude that less eyebrows would be raised at an airport if, when searched, someone wasn’t in the possession of more than one passport.

12 hours

Within 12 hours of the quake the three remaining Israelis had evacuated Christchurch, driven to the airport by Shemi Tzur himself.

This raised eyebrows because they left Ofer behind in the van, but in their defense there was nothing they could have done and it wasn’t like they were leaving someone injured behind. Guy Yurdan, one of the three, said that Ofer was killed instantly.

The advice from many countries to citizens in Christchurch would have been to get out of there as soon as possible. The potential lack of accommodation, food, and water, plus the risk of further aftershocks would have supported their decision to leave as quickly as possible.

A mysterious seventh Israeli

Concerns were raised about a “mysterious seventh Israeli” who was in New Zealand illegally and was reported missing after the earthquake, but weeks later was reported to have left the country. Not sure whether there was anything suspicious about the person apart from their visa situation.

Five Facebook likes

A Facebook tribute page for Ofer came to the attention of investigators because it only had five likes over four months (now 32). Apparently many Israelis don’t have social network accounts. Perhaps those on Facebook who knew Ofer didn’t know of the page? It seems a stretch to say that this is suspicious.

Four phone calls

It’s been reported that Israel Prime Minister Binyamin Netanyahu phoned John Key four times on the day of the earthquake. John Key says that they only actually spoke once in “those first days.” It seems reasonable that a Prime Minister is hard to get hold of, especially during a state of emergency. I’m not sure what the significance of prime ministers calling each other is, I assume representatives from many countries spoke to John Key as a result of the earthquake.

Two search and rescue teams

There was reportedly one Israeli search and rescue team but then there were two? Either way it seems at least one either wasn’t allowed access to the red zone or was removed from the red zone by armed personnel. According to Shemi Tzur, a team was sent by the parents of Ofer Levy (other Ofer?) and Gabi Ingel, two Israelis who died in the earthquake.

The article says “Israeli families reacted that way when their children needed help anywhere in the world, often because it was demanded by insurance companies.” Insurance companies often demand that families hire and fly to a foreign country private search and rescue teams when search and rescue is already underway by the country?

Strange.

Perhaps stranger is Hilik Magnus, who runs the search and rescue company in question, Magnus International Search & Rescue:

“He served in the Israel Defence Forces in an elite paratrooper battalion specializing in special operations. He fought in the Attrition War, first lebanon war and the Yom Kippur War, remained a reserve officer for twenty years and served also in the intelligence community.”

Stranger?

Their team entered the red zone “accompanied by police, only to retrieve the personal effects of two people who died.” “There was only one rescue team and it was allowed inside the red zone to accompany police to retrieve backpacks belonging to Mr Levy and Mr Ingel.”

One Israel Civil Defense Chief

The Southland Times article says “In the hours after the 6.3 quake struck: Israel’s civil defence chief left Israel for Christchurch.” The New Zealand Herald reports that Matan Vilnai did visit Christchurch, but nine days later. And not from Israel, but from Australia where he was for a visit.

This doesn’t seem suspicious.

A groups of forensic analysts

An Israeli forensic analysis team sent by the Israeli government worked on victim identification in the morgue. A security audit of the national police computer database was ordered after someone connected that the analysts could have accessed it. The police say that their system is secure. Someone from the SIS says that it could be compromised with a USB drive:

“An SIS officer said it would take only moments for a USB drive to be inserted in a police computer terminal and for a program allowing remote backdoor access to be loaded.”—Stuff

It’s questionable why USB access would even be enabled on computers that have access to such confidential material.

Why New Zealand?

Intelligence

Gordon Thomas, who has written about Mossad says that Mossad trainees, possibly picked during compulsory military service, were usually planted overseas in groups of four. He says that the CIA and MI6 have offices in Auckland and have “held high-level meetings with New Zealand spy bosses”. They want to know what sparked the SIS investigation, what investigations were carried out and what passports the group possessed. He thinks New Zealand is a credible Mossad target because al Qaeda cells could expand into the Pacific Rim. Israel would want to know what our intelligence agencies know, what they are sharing and how good they are at getting information.

He says that Mossad has a reputation for using students as agents and that using two couples is “standard Mossad operation style. The reason they have a man and a woman … it’s easy to pass unnoticed, unchallenged, and the woman acts as back-up.”

Passports

New Zealand passports are readily accepted around the world. Anyone gaining one who had nefarious purposes would likely face no contest at a border. Paul Buchanan, who has worked at the Pentagon says that it’s unlikely the four were Mossad agents because of their age and the apparent low-level task of passport fraud they were undertaking, but they might have been recruits operating as sayanins, the Hebrew word for helper. He says that after the September earthquake, Christchurch may have been seen as a good target to get names of New Zealanders to use for false passports.

The three survivors from the van gave an interview to Haaretz, an Israeli newspaper, days after the earthquake. It would seem unlike spies to put themselves out in the public eye like that, but maybe that’s reverse psychology. Who knows.

^{Image credits: Ian Rutherford, Ludovic Bertron, J Aaron Farr, Tom Raftery}