Risk

There are 4 factors that make the Firearms Registry too vulnerable to be defensible in current form.

• Irrevocable: With the breach of a bank computer where money is stolen or credit card records hacked, the theft is insured, the cards can be replaced and the customer can change banks if they lose confidence in their bank. But if the registry linking actual firearms with physical addresses is stolen, the only way to protect the registered owners is to change all street addresses in NZ. Otherwise, as soon as the registry is loaded on the dark web, criminals know which addresses to target to steal specific firearms by make, model and cartridge. Worse, if the stolen registry is out of date, the new non-gun-owning occupant of a once-registered home will be a target.

• Hackable: While FSA writes “The platform has been through multiple security assessments by Government approved independent security experts. These are the same security experts that do assessments of New Zealand banks, telecommunication providers, government departments, and insurance companies.” It is an absolute and well-known fact that no data base is 100% secure and “expert assessment” gives farmers, hunters and target shooters no sense of protection. This will become more of a problem as AI advances are applied to cracking security. Unless the experts have provided the full breadth of Black Swan events and incorporated them into their security assessment, their assurances are worthless. Further, different databases have differing value to hackers. A firearms registry is high value.

• Value: A stolen registry has multiple values:

1. Market: Common criminals buy a shopping list of specific firearm addresses
2. Ransom: Crypto-hacking gangs demand money to not publish it on the web
3. Weapon: Foreign, unfriendly government uses cyberwarfare to create chaos

• • Compromised Insiders: Foreign and domestic enemies have been penetrating government agencies for centuries. In June 2023, 21 year old Jack Teixeira, a Massachusetts Air National Guard member with high-level security clearance was indicted for publishing highly classified military secrets on social media to impress his peers. Insiders include:
  • Hostile insiders include moles, sleepers and other foreign agents who are embedded for cyber war. These agents are much less likely to get caught, and if caught, unlikely to make the news until they have published the firearms registry for ever criminal in NZ to use as a shopping list. Cyberwarfare is real, and it is run by government-funded agencies who hire the world’s best and brightest, give them unlimited hacking resources and constantly improve. Cyberwar is like blowing up a reservoir to cause irrevocable civilian damage. Release of the registry would put 250,000 licensed firearm owners and their families at risk, as gang members and criminals would know which address to target. As a black swan event, the confidence of all Kiwis would be shaken, as the people would see their police as bumbling amateurs who put everyone at risk, not just those on the registry. Of all the black swan risks, this is the most likely, most impactful and would come at a time of global tension or outright war. The only protection is physical isolation – or cancelling the registry.
  • Ideological Employees are people ideologically opposed to civilians holding firearms such as animal-rights activists, who apply for police jobs where they have legal access which they abuse by release of the registry to force an outcry demanding all legally-owned firearms be banned. Edward Snowden and Private B.E (later C.E.) Manning are examples of employees who released secure data to give effect to their agenda.
  • Corrupt Employees include employees who have access to the registry and use or disclose partial contents for money, revenge (targeting a 3rd party) or retribution  (anger at their employer or supervisor), or in some cases out of curiosity.  Consider these headlines on are corrupt cop stories. Stories on errors and omissions rarely are reported:

    Corrupt Auckland cop guilty of illegally accessing police intelligence system [ref]     Details of former police employee’s vindictive crusade revealed [ref]
    Former cop charged with illegally accessing computer system [ref]

• Sloppy Employees: When the Auckland Central Police Station on Vincent Street was closed, over 4,000 documents containing personal details of firearms licence holders were left in the empty building, and were stolen. Do a Google search on news stories about highly sensitive government documents in printed and digital form were left in taxis, pubs and commuter trains. There are a thousand ways a sloppy employee can misplace a key to a confidential system, and once the deed is done, it cannot be undone.

Theory versus Reality

The core problem with implementation of the 2023-28 Gun Registry is not in principle but in practice, It is how the registry will collect and hold data, how it can be accessed and who will have security clearance to access it.

Police say “With law-abiding firearms licence holders filling in the new digital Firearms Registry, it will make it much harder for gangs and criminals to acquire guns, says Police.“

The Police have not shown that licensed firearms owners sell firearms to gangs and criminals. It most likely, the record will show gang members and criminals have a roaring internal trade buying and selling among themselves, where new supply comes from theft or smuggling. Theft requires the criminal gets lucky, or knows which houses hold firearms. All the registry will do is to tell the Police which theft victim owned the firearm once it is discovered in a criminal investigation. It will not know how many times that firearm was resold after theft.

Police say “The Registry gives us a new and powerful tool to disrupt the diversion of firearms. It fits alongside the work of Police investigations that go after gangs and criminals directly. It’s part of intelligence gathering and making it hard for criminals to have firearms in the first place.”

Like the assertion the registry will make it harder for criminals to acquire firearms, the police fail to show how the registry will disrupt diversion of firearms. Illegal firearms are not purchased, they are stolen or smuggled. If the police want to go after gangs and criminals directly, use search warrants. Assign a task force whose sole job is to track gangs and criminals.

The Police write ““Over time as firearms licence holders add the firearms in their possession to the Registry, Police attending incidents will be able to check in real time if an address they have been called to has registered firearms. This will improve their risk assessment prior to arrival.”

There are several problems with this assertion.

Licensed firearms owners do not use licensed firearms to commit homicides. The number of firearm homicides committed by licensed holders is less than one per year (excluding the Christchurch terrorist act). The number of firearm homicides committed by non-licensed shooters is about 1 per week. One of these was a gang member who used an AK-47 to kill a police officer during a traffic stop.

In order to improve risk assessment, the police are obligated to show that licensed firearms on the premises increases risk. They have not done so, most likely because there is no increased risk. Where there is increased risk is police using of deadly force because they are informed firearms are on the premises.

Police callouts often are high-stress situations where police must make split-second decisions to use deadly force. Indeed statistics show NZ police kill 15 times per capita in the line of duty than English or Welsh Police [reference]. The risk the responding officer sees something they believe is a presented firearm that turns out to be benign is increased by the officer being informed of registered firearms.

Well that was quick. Within days of writing the Black Swan Event, FSA’s first breach occurs. Category: Sloppy Employees

The emails visible in the CC section included prominent Aucklanders, in some cases revealing the first and last name and place of work. File photo / Andrew Warner

The newly created Firearms Safety Authority have found themselves in the gun after another inadvertent leak of the details of Auckland firearms owners

In an email sent shortly after noon Wednesday, seen by the Herald, Auckland Central Police District firearms staff emailed more than 100 gun owners to warn them their listed firearms licence address may not be up to date.

Their email addresses, in many cases including their first and last names, were visible in the cc field, rather than hidden in the bcc section.

The visible addresses included various prominent Auckland residents, including lawyers, company directors, police officers and government officials.

The email was sent from the Auckland City Police District’s firearms email address and signed NZ police, but also carried the signature and logo of the new Firearms Safety Authority, set up to administer the newly launched gun register.

Asked whether it was police or the Firearms Safety Authority who sent the email, a police spokeswoman said it was the Authority.

The sender attempted to recall the email shortly after it was sent, and also sent a second email asking recipients to delete the message due to an “error in sending”.

In a statement supplied by police, Superintendent Richard Wilson, Te Tari Pūreke Firearms Safety Authority director of operations, confirmed it had sent the email to 147 recipients revealing the email address of the recipients to fellow licence holders.

“This incident is being treated seriously by Te Tari Pūreke, who have lodged this as a privacy breach and will be notifying the Office of the Privacy Commissioner,” Wilson said.

Wilson said it was not sent to any members of the wider public.

“A rapid review has determined that the privacy breach came about from human error, when the email addresses were incorrectly pasted into the ‘cc’ (carbon copy) address field, rather than the ‘bcc’ (blind carbon copy) address field.”

The bungle is badly timed.

The old Vincent St station, from which the firearms documents were pilfered in 2022, was formerly the headquarters of Auckland City police before it was ditched for a new premises at College Hill several years ago. Photo / Herald files

Last month, the firearms registry went live amid concerns from gun owners about whether their details would be safe and secure.

Those concerns came to the fore last year with the theft of old firearms files containing the names and address of thousands of gun owners from the old disused Auckland central police station in Vincent St, first revealed by the Herald.

At the time, one gun owner said he feared a knock on the door from criminals after the the , because the documents could serve as a shopping list for potential firearms burglars.

However, police said last year they had recovered and secured the documents after making an arrest in relation to theft , and had not linked any burglaries to the stolen documents.

One firearms owner caught up in Wednesday’s leak said to make matters worse, the email saying his address was incorrect was itself wrong.

“The firearms officer literally came to our family home as part of a recent license renewal process,” he said.

“It is keystone cop stuff which would be funny if it didn’t put my family in danger.

“Gangs and criminals would no doubt love to get a copy of this shopping list, and now my information, the fact I’m a license holder, has been sent to 100 people whom I do not know.”

He said the leak of the list of owners was exactly the reason he was worried about handing his details over to the new firearms register.

Superintendent Wilson said the Authority wanted to stress the event “was not related in any way to information held securely in its systems” but rather a result of human error.

“Te Tari Pūreke will be making contact with all the affected recipients this afternoon, explaining the nature of the privacy breach, how it came about. Te Tari Pūreke sincerely apologises to all those affected by this event.”

The Authority had begun a “rapid review of its processes around the sending large batches of email” and would be strengthening its processes, he said.

ACT firearms spokesperson Nicole McKee said the error “shows once again that Police are incapable of keeping licenced firearms owners’ information secure.”

“Licenced firearm owners already had little confidence in police’s ability to securely maintain and administer a gun registry and this latest mistake reinforces that. If Police can’t even tell the difference between CC and BCC in an email how on earth can they keep records secure?” McKee said in a statement.

“This episode demonstrates once again that the full registration of firearms is a wasteful and dangerous exercise and ACT will repeal it. It also shows that the administration of information about firearms and their licenced owners needs to be removed from New Zealand Police and placed under the care of a truly independent and trusted firearms authority, which ACT has committed to establishing.”