Slashdot Mirror
New Zealand Spy Agency To Vet Network Builds, Provider Staff
Bismillah (993337) writes "The new Telecommunications (Interception Capability and Security) Act of 2013 is in effect in New Zealand and brings in several drastic changes for ISPs, telcos and service providers. One of the country's spy agencies, the GCSB, gets to decide on network equipment procurement and design decisions (PDF), plus operators have to register with the police and obtain security clearance for some staff. Somewhat illogically, the NZ government pushed through the law combining mandated communications interception capabilities for law enforcement, with undefined network security requirements as decided by the GCSB. All network operators are subject to the new law, including local providers as well as the likes of Facebook, Google, Microsoft, who have opposed it, saying the new statutes clash with overseas privacy legislation."
It's not illogical at all. You just mandate that all traffic goes through a room controlled by the government for "Lawful Intercept." That way you can say that it's done for law enforcement, but the reality is they're emulating the USA and keeping everything while also MITMing anything they feel like.
So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
I have permanent residency (and thus voting rights), and I think tha**THE GOVERNMENT OF NEW ZEALAND IS DOING THE RIGHT THING**his is a load o**JOHN KEY IS A GREAT MAN**ollocks.
... why NZ is seen as a hot bed of terrorism, naughtiness and general mayhem. The lead item on the news last night was a political hopeful having to pay back about $350 after claiming on a flight for a friend. Wow. This isn't a country where much happens.
"The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
If you have to have software that's designed to meet a required lowness of confidentiality, you'll be the only country writing it. You probably won't trust another tin-pot country's software, and will have to keep doing it all yourself.
Vendors want to sell software that meets the highest standards, so they can sell it into lots of countries, not write individual specials for every tin-pot dictator on the planet.
Image how much fun it will be, trying to write your own routers, your own google, your own facebook, etc, etc. All so you can lower the quality.
davecb@spamcop.net
Can you imagine the delays and effort involved in liasing with Government for such a matter - let alone discusisng your technical network infrastructure, co-ordinating change management, etc.
It would be worth bringing this before the WTO for consideration.
If I were John Key and I had a daughter in a Paris art school I'd want to keep her tits off the screens of millions of voting Kiwi's.
http://www.dailymail.co.uk/news/article-2401561/Does-know-shes-Daughter-New-Zealand-Prime-Minister-bizarre-erotic-photoshoot-posing-octopus-Big-Macs.html
...before applying the hammer. As has been repeatedly pointed out, this was done by the Nazis, the Soviets, and plenty of other authoritarian regimes shortly after (or just prior) to their rise to power. Once the ubiquitous surveillance and low security or legal cracking in is place, they can go ahead with the coup since the media has always been complicit and the only hole is the internet. Remember, this isn't in some 3rd-world country, but in nations that have access to the best electronic warfare tech--and jamming the unlicensed bands is incredibly easy.
All network operators are subject to the new law, including local providers as well as the likes of Facebook, Google, Microsoft, who have opposed it, saying the new statutes clash with overseas privacy legislation.
They already famously route everything through the United States and its complete lack of privacy laws anyway. What do they care?
Don't tell me the likes of Facebook, Google and Microsoft are worried about their image as protectors of user privacy...
As with the United States and Australia, the people of New Zealand (and other democracies and democratic republics) elect their government and thus have control over their politics.
One must assume that in all of these places, the majority agree with these policies.
Shocking? To me, but apparently, I'm not in the majority.
If you want news from today, you have to come back tomorrow.
This is setting the precedent for IT workers to need government certification. It's as dangerous to the operators of the internet, as the net non-neutrality is to the routing policies of the internet.
When Jefferson said "Where governments are afraid of the people, there is freedom" he obviously didn't take into account the possibility that governments could preemptively terrorize its people to avoid having to be scared of them.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
A service provider (also defined in section 3 of the TICSA) is;
a) means any person who, from within or outside New Zealand, provides or makes available in
New Zealand a telecommunications service to an end-user (whether or not as part of a business
undertaking and regardless of the nature of that business undertaking);
Does this mean they can go after TOR and VPN operators wherever they are?
When our name is on the back of your car, we're behind you all the way!
The internet for good.
I double checked, the NZ law is actually called the "Telecommunications (Interception Capability and Security) Act of 2013". No bullshit Patriot Act doublespeak. Give credit where credit is due.
I see huge boost to the local economy, when money stays in circulation there instead of going to china in exchange for modern day pearls. I see those lower quality programs and equipment gaining foot hold in other countries as well, because they can be sold for peanuts. They are already written, so all extra income is extra income. This drives more money to local economy. I see people being quite happy with the routers and lower quality software they get. Just look at the USA, they were perfectly happy with their crappy cellphones, internet, cars, and everything when they didn't know other places had better things. They even thought they had the best! It's all about marketing.
Time to buy a one-way ticket and leave NZ.
I wonder what Kim Dotcom thinks of this: http://websitenews.co/hosting/news/new-zealand-spy-agency-to-vet-network-builds--provider-staff
Meaning: We already do that for the NSA/DEA/FBI and you're not invited.
Demand without a warrant? There still needs to be a legal basis for the ISP to breach their customers privacy.
-.-. --.-
There's no obligation for ISP's to have staff go through security clearances - in fact plenty wont pass the requirements (citizenship/residency for >10 years). ISP's can nominate staff to be vetted and those that're vetted, can be given more background as to why some information is being sought or why a particular issue is being flagged.
Important to note that the GCSB focus here is 'national security' and this isn't quite the same as lawful intercept for other purposes.
-.-. --.-
The guidance document as published at http://ncsc.govt.nz/assets/TICSA/NCSC-Guidance-for-Network-Operators.pdf states:
> To assist the GCSB and network operators to work together on network security risks, network operators
> may nominate a suitable employee (or employees) to apply for a SECRET level GCSB sponsored security
> clearance.
> Network operators may also, upon request, be required to nominate an individual for security clearance
> (section 75).
> Having cleared staff within network operators allows the GCSB to share certain information about network
> security risks that is classified. While these individuals cannot pass classified information to un-cleared
> colleagues, they will be able to give informed guidance on identifying and addressing network security
> risks.
> If a network operator does not have cleared staff, the GCSB will still seek to engage with them, and share
> what information it can about network security risks.
The legislation itself states:
A network operator must, within 10 working days _after being required to do so_ under subsection (2), (3), or (4),—
(a) nominate a suitable employee to apply for a secret-level government-sponsored security clearance (a clearance); and
(b) notify the employee of the nomination; and
(c) give written notice of the name and contact details of that employee to the Registrar.
- so the vetting obligation isn't an obligation until the Network Operator is 'required'. The rationale for putting staff up for vetting seems sound, but as you can see from the last part of the quote from the guidance, they can still work with service providers that don't have cleared staff.
-.-. --.-
Kim dotcom moved to New Zeeland and started Mega. After being prosecuted for running MegaUpload.
Maybe this is to hurt him and his business? They also stormed his house like he was a terrorist, so maybe the anti-piracy have their claws in the NZ government.
ya, it's quite clear it's meant as "as opposed to what we just went through for several decades-plus where we feared the state, if we keep the state afraid of us, there will be freedom"
I did some work for government department that required GCSB approval for encryption standards. They wouldn't tell us what standards we could use, only that we would tell them what we proposed and that they would say whether this was ok or not. After we submitted our proposed encryption standard we never got a response from them. The chances of a network operator ever hearing back from the GCSB is slim to none. They're a stupid incompetent department and this is a stupid law.
Just who did the behind this bribe? What a TERRIBLE act! I used to have a lot of respect for NZ, but no longer. Sorry Kiwis, but I won't be visiting your beautiful land any time soon... :-(
Sometimes, real fast is almost as good as real-time.