https://www.police.govt.nz/advice-se...try?nondesktop
Printable View
What's everybody's thoughts?
Dumb idea that you if you buy ammunition you have to enter the info on all your firearms in the registry - it will result in an early flood of info and crash the whole system.
Heaven help us - the amount of information required is detailed.
They expect everyone to update the registry themselves online - I can say "fuck that" - it will be quicker to fill in the forms and make the police update the registry - they then have the responsibilty for keying errors - let them waste their time at the kepboard.
Every temporary transfer of 30 days - well - they best hurry up the licence renewal process or licence holders will be needing to notify thousands of transfers as there licence is not renewed on time. Do that via hardcopy.
The whole exercise looks to be an expensive exercise in time wasting.
Oh - that proposal is not easy reading.
its going to be a fustercluck, and will never be reliable.
and how is it going to work if you lend a rifle to a fellow FAL for a month, do we have to register it to them etc?
its all a load of political bollocks
It is what it is, so I am going to try be as constructive as possible.
The first statement they make - " The inclusion of licence holders’ personal and licence details in the Firearms Registry is a necessary first step before the Registry can begin recording details of the arms items you hold. These need to be recorded against the licence holder along with endorsements held."
This is incorrect. What they need is only your licence number. Your details are all linked in the police system anyway, and adding all your details makes your safety and privacy very vulnerable indeed. Anyone querying the firearms database needs to first access your FAL number via the Police computer system and then use your FAL number to see what firearms are registered. Does that make sense? Think of the missing name,
address and phone number as an additional line of defence.
In the final box I asked how much compensation I would get and will that include free guards at my front gate when note I said when not if the register is hacked, other than that I tried to be as constructive as possible with all my I don't agree answers to every question.
so how do you enter non English characters if say you own a moisin nagant ?
Valid question, and worth adding to a submission. What about Nazi markings on firearms? That is a serious question.Quote:
Originally Posted by gonetropo
It appears that there is no cost which is good, but then if we have to do the work then that's how it should be.
Everyone should do the hard copy (paper) option. Then any keyboard errors are on them. And it will slow the whole thing down to an absolute crawl.
Hopefully it gets the ol yeetus deletus with a regime change
like another added tax on kiwisaver........ difference being FAL holders are a small minority by comparison....and big business isnt going to loose $$$$Quote:
Originally Posted by Beavis
Looks like I have 4yrs and 11months to fill out the paperwork, I wonder how switch barrel firearms (blaser, etc) will be treated/registered?
well that took a good hour to do.....
4 years and 11 months - unless you do something like move house, or buy ammunition!Quote:
Originally Posted by outdoorlad
Good pointsQuote:
Originally Posted by Bol Tackshin
I will submit this too and the point made by someone else about cyrillic characters eg on a Mosin
As with everyone else, it is an absolute boondoggle but that is not what this thread is about
Imagine the fun we could have if we chose to complete the forms written in our choice of language. I'm of Danish decent, might fill mine out using my original native language. Might slow the system down somewhat. Dette er min skydevaben ansogning, translation
this is my firearms application.
When filling out the submission form, make sure you tick the box so that your details are not provided to anyone seeking information under the Official Information Act. I can see this happening and people being very unhappy about it after the fact.
Don't agree with any of it but that aside.
I can see a gap in the process that when you do the initial submission of information or when changing address you must provide the capacity of your storage. No where is there a complimentary process for capturing an upgrade or addition to your storage capacity.
I also believe, despite reading the relevant legislation a few times, that the Arms Act is very vague in whether you need to inform the police when you change the security or add to your security arrangements in your current address.
While not related to the registry. I also have a substantial issue with the requirement to provide my primary care provider as a firearms licences holder. I consider this a significant breach of privacy. I also can see why they may want this information but firmly believe that it is counter productive in the intention. Any licence holder having a mental health, alcohol or drug issue is less likely to seek timely treatment if they are concerned that such seeking of treatment may impact their current and future ability to hold a firearms licence. I know these concerns align with similar concerns raised by the Privacy Commissioner which remain unresolved.
He's a manipulative arseholeQuote:
Originally Posted by muzza
What if you are not registered with any Dr's? I asked in mine what they are going to do to get the gangs to comply
They waste money on stupid shit all the time. Aside from that, I think that it will be US paying for it rather than them anyway.Quote:
Originally Posted by small_caliber
I've referenced the previous leak in my submission: https://www.nzherald.co.nz/nz/old-au...WHDBTH4JBPWCY/
Reported in the news 2 days ago, that nobody will be taken to task for leaving the firearms owners private details (which were consequently stolen) in an insecure and abandoned police building. No surprises there. And if the new registry gets hacked as a result of incompetence...?
Nothing will change ! hahaQuote:
Originally Posted by small_caliber
The registry will get hacked - not by incompetence - by deliberate illegal access.Quote:
Originally Posted by Ranger 888
There are about 11-12,000 police staff, sworn and unsworn.
Almost all are reliable trustworthy people.
That leaves a few dodgy ones who can't be trusted.
It will take only one dodgy untrustworthy person the breach the security of the registry. It will happen.
Consider the prosecutions for sworn and unsworn staff access to databases in an improper fashion.
The registry will be the shopping list that gangs will be using.
Unfortunately I agree, this system will be breached, eventually, most likely in a way that involved someone with authorised access and therefore security of the database from outside access will be irrelevant.Quote:
Originally Posted by Cyclops
The blame will be put on the individual who did the illegal sharing of information when this does happen but it will be a failure of the controls of the database which assumes compliance within Police and didn't account for the human factor in security design.
The risk is all on the people that hold firearms licences and not on Police at this point as we will be the ones put in danger from theft and potential assault from people trying to access firearms they know we possess.
I am not comforted by the platitudes provided about the security of the system. I want to see external judicial control on the access of the information which requires a request to access the information on a case by case basis rather than having uncontrolled access made by "authorised people".
At the very least if anyone accesses the information of anything in this registry I want internal accountability on a process on which this access is justified.
Having trained some people on government systems I know the people factor is the weakest link in the strongest designed systems. However the people typically have little information security awareness, training or knowledge and certainly by in large the technological competency of most users is abysmal.
The security of the database is definitely a concern. There was the recent Auckland police data theft, but that is chicken feed in term of risk compared to a breach of the incoming database.
The first breach we should look at is the buy-back one - https://www.stuff.co.nz/national/pol...uyback-website Yes, it was disappointing to the police, but their response was even more disappointing to anyone who takes their privacy and security that stems from that seriously!
If you are making a submission, think about this: https://www.stuff.co.nz/national/cri...o-gangs-jailed
Yes, they jailed him, but the information cannot be reeled back in once it has been given out.
The police association's own website (see https://www.policeassn.org.nz/news/c...-seeps-into-nz ) has this to say: "NOCG crime manager Detective Inspector Paul Newman says that while there’s little evidence of systemic corruption within New Zealand, it is increasingly at risk of being exploited by more sophisticated criminal groups.
“Organised crime at this level doesn’t exist without corruption,” he says.
Last year, police exposed baggage handlers at Auckland Airport who were being used by gangs to ensure that drugs brought in via aircraft avoided the normal security screening process. One of the baggage handlers had $250,000 stuffed into the roof cavity of his new home."
It is cases like this: https://www.nzherald.co.nz/northern-...UAPVR5XTOUXZU/ that concern me - where police have access to something that has value to gangs, some, likely a very small minority, will cave and compromise the integrity of the system.
It only has to happen once.
There was a story about a police recruit with gang connections among their immediate family. I can't find a link to it though. Anyone help out here?
We haven't even touched on the other agencies that will have access to the database. If you have any examples of how people have been compromised, please post them. The stronger the message, the better for us.
Google it; it's out there.Quote:
Originally Posted by Bol Tackshin
@Ranger 888 - I spent a fair bit of time and my entire lunch break on Google today. Hence why I asked for help.
https://www.odt.co.nz/news/national/...n-police-force
https://www.stuff.co.nz/national/cri...l-mob-gangster
https://www.nzherald.co.nz/nz/auckla...6AEYGHRDDXNWY/
All examples of the weakest link in the chain - those very people entrusted to keep shit safe and secure.
So where do we find the definition of what is a major part? No barrels have serial numbers these days, so if you have a spare tube or two that are a generic part what gives with those? Where does one find the specifics on entering info - can't see anything about the 'how' of doing it apart from the comments above that you can enter it online or via hardcopy. It would seem that unless you have one or two thing it's going to be hugely easier for the licence holder to document on paper and take in a ream or two and plonk down on the arms officer's desk... It is going to be interesting to see how Police handle this as I cannot see them having enough resources to deal with it effectively given the current fiasco with licence renewals. Ammo being added to the registry is an interesting one as well, are we going to have to account for expenditure? Manufacture of ammo (reloading)? As others have stated, firearms already marked with a legal number from the manufacturer that isn't in english or arabic characters - what happens there and who pays to have the firearms re-marked lawfully? No point remarking a few thousand firearms as A1. I've seen recently firearms marked with cyrillic characters, turkish, jewish (yiddish), siamese, japanese, chinese, and a couple I have no idea what they were.
The further down this rabbit hole we get, the less competent and appearing to be 'in touch' with the day to day practicalities, that the powers that be appear to get - I just get the feeling that they think everyone is a deer, bunny and duck hunter with 3 firearms in a rack in their bedroom cupboard.
Quote:
Originally Posted by No.3
I have been informed that Rotorua Police are advertising for a full time fal screener/interviewer/whatever, with a salary of about $70k. It was suggested I could apply, but Nah. A guy I know who had a similar position reckoned he spent his days interviewing/inspecting firearms related items, then half his evening entering the info onto their database.
Page 37Quote:
Originally Posted by No.3
major firearm parts [the action (frame, receiver or upper and lower receiver) of a firearm, the
frame of a pistol, and a calibre conversion component or kit of a pistol
It was defined in one of the recent law changes, pretty sure it was the same definition.
Just read the job description - "experience with firearms may be an advantage but is not necessary".
Shows how much they value and believe in their rhetoric when they don't even think experience with firearms is a pre-requisite. And they likely won't get many applicants at a starting rate of 62,670 (roughly $30/hour) when you are having to use your own vehicle...
First thing I spotted:
3 years is a long time to renew C&A's. A typical IT system would be 2 years. A sensitive system like this should be done annually (i.e once a year).Quote:
Initially, and every three years, the system’s design, implementation and service management complete the Police Certification and Accreditation process, which is directed from Government through the NZ Information Security Manual and the Protective Security Requirements. Accreditation – or formal approval to operate – is provided by the Police Director of Assurance on successfully passing the certification process.
Also you guys want to see something funny... use this tool: https://www.checktls.com/TestReceiver . In the email target put police.govt.nz (this doesn't do anything bad, this is a free public tool to help validate email security).
You'll see a report generated that shows that the NZ Police email system uses self signed certificates. Why is this bad? Well it's kind of like making your own drivers license. The certificate is part of the encryption process for communications between email servers. When another system tries to send an email to NZ Police, if it requires strict TLS compliance (which is not uncommon) it will see the self signed certificate and decide to fall back to clear text (unencrypted). It also means an attacker could potentially spoof (fake) being a NZ Police emails server.
This also means it is likely email flowing out from NZ Police has the same issue.
tldr version- NZ Police have a poorly setup and potentially insecure email system. Currently, as in right now, as in the same time they want you to trust them to build a secure registry (which incidentally would like use this email system).
To put this in perspective, to fix this would require the installation of a certificate which would cost ~$11.25 on each server (there are two) and would take less than an hours work.
Also did you guys spot this:
I haven't seen anything about other agencies accessing the firearms register? I wonder who this is or why?Quote:
Police understands that concerns have been expressed about the privacy, security and safety risks associated with multiple agencies accessing the Firearms Registry.
I have just completed the on line submission. I added comments and suggestions to every question. In short, I disagreed with everything on the basis that the registry would provide no tangible benefit to Police or the wider society in New Zealand. I suggested that Police should trust fit and proper firearms license holders, their clubs, ranges, executors, administrators and others with powers of attorney over their estates, to act appropriately and in accordance with the law. And Police should redirect their efforts and their budget toward dispossessing gang members, their associates and other non firearms license holders of the firearms that are in their possession.
The underlying tone of my submission was to abandon the registry as it is unnecessarily bureaucratic and will be insecure, will compromise licensed firearms owners, their families and their legitimately held firearms and will ultimately fail and be abandoned.
Regardless, I believe that the registry will go ahead and only time will enable Police to see that I am correct.
Interesting tool, Vulcan.
Waikato Firearms Office 89%
Attachment 205117
Another govt dept that has suffered severe attack 93%
Attachment 205118
A commercial system where everyone assumes you sell your data in exchange for free email 97%
Attachment 205119
A system that prides itself on security (limited service but free) 100%
Attachment 205120
