New Zealand: Big Brother Has to Sign Off on ISP Infrastructure Changes and Personnel
May 13th, 2014So it goes…
Via: ITnews:
Local and international telcos and network providers in New Zealand are now required to comply with strict and complex new communications interception and security legislation.
…
Known as the Telecommunications (Interception Capability and Security) Act (TICSA), the new law requires network operators to register with the NZ Police. Similary, suppliers of a wholesale or retail telecommunications service must provide their information to the police registry.
Registrants must tell the police their total number of connections, customers and size of their geographic coverage, and ensure that law enforcement agencies have access to customer data and connections when needed.
As part of the new law – which requires the country’s main signals intelligence agency, the Government Communications Security Bureau (GCSB) to play a prime role in network and systems security – providers are now dutybound to notify the state about any design and procurement decisions before implementation, according to government guidance [PDF].
Prior to TICSA, network operators were free to design their infrastructure according to their wishes and to meet commercial demands, and to buy equipment and software from any supplier.
From this month, the GCSB has to be notified of and approve proposed changes to a provider’s network operations centre, core network including gateways and interconnects as well customer databases and authentication systems.
Providers will also be required to have their staff vetted for security clearance. However, the GCSB will not run the security clearance process itself, and warns that this “may take a significant length of time.”
Bearing in mind the password-sniffing spyware on Chinese-made drives, the terrorist activities of France and abuses of Israel against NZ in the past, and the growing role of cyber-warfare in economic/industrial competition between nations, some of this makes some sense to me. I notice Australian companies are singled out in the article, which suggests concerns about commercial spying. It also says Google, etc. aren’t happy with the new legislation.
If we find that the US-made backdoor-infected stuff (https://www.cryptogon.com/?p=43826) is the only approved equipment, the cat will be out of the bag as to who’s behind this, but the GCSB/Echelon connection seems clear enough to make that call now. It would be interesting to see a list of the approved equipment and the criteria for employment approval.
More here:
http://www.itnews.com.au/News/352045,google-microsoft-claim-proposed-nz-spy-law-threaten-it-industry.aspx
http://tuanz.org.nz/blog/2013/7/29/electronic-mccarthyism
Perhaps there’s a spot of conflict due to differing goals of different schools of thought regarding how to design the matrix;
The Cold War total control types are knocking heads with the immersive-programming Borg types; Internet as surveillance tool vs. internet as vehicle for media, advertising and commerce.
As a Kiwi who hasn’t been home in a while, I’d be very interested in hearing what someone who knows more about what they’re talking about than me has to say about this.
More for anyone interested:
http://thestandard.org.nz/nrt-did-the-nsa-write-john-keys-spy-bill/
http://pundit.co.nz/content/john-key-and-those-gcsb-questions