by Dave Rhodes
There is renewed agitation within the firearms community over New Zealand’s firearms registry, and it is not hard to see why. What is striking, however, is that this is not simply a “gun lobby” issue. It goes to the heart of something CORANZ and its member organisations care deeply about: trust in government systems that collect sensitive personal data from law-abiding recreationists.
For many outdoor users - hunters, pest controllers, farmers, guides, and back-country trampers - firearms are tools, not symbols. They are part of lawful recreation, game management and conservation activity. When confidence in how information about those tools is handled is eroded, participation itself is affected.
The issue is no longer theoretical
Concerns about firearms registration are often dismissed as ideological resistance. That dismissal no longer holds. New Zealand has a recent and uncomfortable history of government-held data being exposed, misused, or poorly secured.
High-profile failures - from accidental disclosures to systemic weaknesses in health and social service platforms - have undermined public confidence. The controversies surrounding the Manage-my-health platform merely reinforced a broader perception: large, centralised databases containing sensitive personal information are not always as secure, well governed, or purpose-limited as the public is assured.
Firearms ownership data sits at the high-risk end of that spectrum. It links names, addresses, and assets that are inherently attractive to criminals. Once exposed, such data cannot be “un-leaked”.
A legitimate safety concern - but only if it works
Supporters of firearms registration argue it improves public safety. That may be a reasonable objective, but it only holds if the system:
- is demonstrably secure,
- is tightly access-controlled,
- is used strictly for its stated purpose, and
- does not create new risks greater than those it claims to mitigate.
If a registry becomes a shopping list for criminals, or a source of anxiety for compliant users, it fails its most basic test.
Recreationalists are pragmatic. They accept rules when those rules are clearly justified, competently administered, and proportionate. What they resist - rightly so - is being asked to carry the risk for a system they do not control.
Why CORANZ should care
CORANZ represents a wide range of sporting and outdoor interests. Not all involve firearms - but many do, directly or indirectly. Hunting, conservation work, pest management, and rural recreation all intersect with firearm use.
More broadly, this issue reflects a pattern that recreation groups have seen repeatedly:
- Centralised decision-making
- Poor consultation with end users
- Assurances given before systems are fully tested
- Risk being transferred to individuals, not agencies
Whether the topic is firearms, access permits, catch reporting, aviation licensing, or land-use compliance, the same concern arises: once trust is lost, participation declines.
That has flow-on effects for conservation outcomes, safety culture, and community resilience - particularly in rural and remote areas where outdoor skills still matter.
Data security is not a side issue
Too often, data security is treated as a technical detail rather than a policy issue. That is a mistake.
For firearms owners, the consequences of a breach are personal and immediate. For government agencies, the consequences are often diffuse and delayed. That imbalance matters.
When agencies insist that “no system is perfectly secure” while simultaneously requiring mandatory participation, they are effectively asking citizens to accept asymmetric risk. That is not a sustainable social contract.
A supportable registry must be:
- minimal in scope,
- independently audited,
- transparent about breaches and near misses,
- and accountable when failures occur.
Anything less invites resistance - not because people are reckless, but because they are rational.
This is not about undermining public safety
It is important to be clear: questioning the design and security of the firearms registry is not opposition to public safety. On the contrary, it is about ensuring that safety measures do not backfire.
Outdoor communities have long histories of self-regulation, training, and responsibility. Hunters, in particular, have strong safety cultures precisely because mistakes have consequences.
Policy that alienates those communities risks driving behaviour underground, reducing cooperation, and weakening - rather than strengthening - safety outcomes.
A wider warning sign
The firearms registry debate should be read as an early warning for other sectors. If sensitive recreation-related data is mishandled here, it raises legitimate questions about future systems affecting:
- access permissions,
- activity tracking,
- licensing,
- or environmental compliance.
Once precedent is set, it rarely retreats.
CORANZ’s role
CORANZ does not need to take a position on firearms policy itself to recognise a deeper issue: good policy depends on trust, and trust depends on competence, restraint, and accountability.
Supporting calls for robust data security, independent oversight, and genuine engagement with affected communities is entirely consistent with CORANZ’s mandate. It signals that recreationalists are not anti-regulation - but they are firmly pro-competence.
If government wants cooperation from outdoor communities, it must earn it. Secure systems, honest communication, and respect for risk are not optional extras. They are the foundation on which compliance - and participation - rest.
Sadly the police has lost a high degree of respect with mistakes re firearms, e.g. how on earth was Australian terrorist Tarrant given a firearm licence by police, given glaring characteristics to his application? How was a warning from an ammunition retailer ignored? Why wasn’t he checked with Australian authorities who had him on their watch list?
Remember firearms thefts from a police station? Then the McSkimming offence which got the proverbial slap with a wet bus ticket, the sexual abuse of Louise Nicholas.- all are earning police a reputation heading to Keystone Cops except it’s no laughing matter; it’s damned well serious.
I remember talking to a computer security guy years ago, when I asked him how best to secure my data – unplug the machine, place it in a vault and close the door!
In essence, anytime a computer system is connected to the internet it is at risk.
So why do all the “Internal” systems holding sensitive data have any internet connection at all? Networks running internally, yes, but why allow sensitive data to be placed at risk?
In the days of the Wanganui Computer Act. all police data was held securely with no possibility of public access – so what’s changed?
Although I know the team who did the penetration testing and the system is secure, this does not protect it from malicious actors within the police, or incompetent staff. We have seen clear evidence of both in recent weeks and that will continue regardless which team ends up managing the register. There’s also the fact that the Australian company chosen to build the register NZ paid $1.54 Million Penalty (2022): In July 2022, the New Zealand High Court ordered Objective Corporation to pay NZ$1.54 million for breaching the Commerce Act 1986.