Changes to TICS Bill

October 15th, 2013 at 10:00 am by David Farrar

has announced:

Communications and Information Technology Minister Amy Adams has today tabled a Supplementary Order Paper to make further improvements to the  (Interception Capability and Security) Bill. …

Clause 39 of the proposed Bill currently allows the responsible Minister to direct that a network operator must not resell an overseas telecommunications service in New Zealand where the interception capability, or lack of interception capability, raises a significant risk to law enforcement or national security.

It is proposed to remove Clause 39 from the Bill altogether, and, instead, matters of non-compliance could be addressed through the compliance framework.

Part 3 of the Bill deals with the partnership approach between the and network operators to protect network security.

To ensure that this interaction occurs in a timely manner, it is proposed to introduce the ability for the Minister responsible for the GCSB to make regulations that require decisions to be made under specific timeframes, in the event that decisions are not being made in a sufficiently timely way.

It is also proposed to narrow the scope of the matters that must be notified to the GCSB, reducing compliance costs for network operators.

As a last resort, where network operators and the GCSB are unable to agree on how to respond to a network security risk, Clause 54 of the Bill currently provides that the responsible Minister may issue a direction.

Before the GCSB can ask the Minister to make a direction, a further check and balance will be introduced.  The Commissioner of Security Warrants will now be required to carry out an independent review of the material that informed the GCSB’s risk assessment, and report on whether, in their opinion, the risk amounts to a significant risk to national security.

These looks like very welcome changes. The requirement for the Commissioner of Security Warrants (currently former Court of Appeal Judge Sir Bruce Robertson) to do an independent review in the very very unlikely event of the Government believing that what a network operator is planning could threaten national security, is sound.

“Although public input has resulted in significant improvements to the Bill, some of the submissions received did not reflect an accurate understanding of what the Bill does and does not do,” Ms Adams says.

“In particular, I would like to reassure people that this Bill does not change the authority of agencies to intercept telecommunications, it does not change existing privacy protections, and it does not require data to be stored or require stored data to be disclosed. The Bill only relates to real time interception.

This is a key point that many have missed – it is about real-time interception. The major users of this ability are the Police for ongoing criminal investigations.

There’s also a comparison table between the current law (TIC Act) and this proposed law (TICS Bill). I think they show that in some areas the law change actually reduces compliance costs on ISPs. There is no expansion of powers in terms of surveillance. There is an expansion in terms of the GCSB’s role in syber-security where they can (ultimately) ask for a Government order if they believe a proposed action would be a threat to national security.

Ironically that proposed power has its genesis in the opposition scaremongering over Huawei winning some contracts in New Zealand. They kept demanding the Government do something on the basis the Australian Government had excluded them from the NBN build there. The Government doesn’t believe there are any national security issues around Huawei, but it was the scaremongering that highlighted that even if there were, they actually had no power to exclude a company that did have national security issues. So a bit rich for opposition MPs to complain about a clause that their scaremongering created.

There’s still some elements of the bill which I’m not enthusiastic on. I don’t think ISPs (or network operators) should have to register with the GCSB as it sets a bad precedent. As far as I know there’s never been an issue with locating an ISP, and its directors. I’d prefer that clause to be removed. As I said, a precedent of an ISP needing to register with the Government is not healthy – even if well intentioned.

But the SOP by Amy Adams is a significant improvement to the bill, especially having the Commissioner of Security Warrants do an independent assessment if there is ever a stand off between the Government and an ISP over a proposed network build decision.

Also a useful read are these two diagrams showing how the interception and network security processes will work.

5 Responses to “Changes to TICS Bill”

  1. Redbaiter (11,656 comments) says:

    Government search and surveillance is completely out of hand.

    We are giving powers to bureaucrats to delve into out personal lives that could easily be abused in future by governments without moral restraint. Only those ignorant of history do not realise the truth of that statement.

    The key words “threat to national security” are far too vague. I don’t get why the Police need such a definition when they are not really the govt agency dealing with National Security issues.

    Our traditional rights are under threat like never before as government continually over reaches. We now have so called SWAT teams that resemble jack booted Nazi goon squads. And “Security Agents” busying themselves with file sharing issues. Gross government over reach.

    “Liberty lies in the hearts of men and women. When it dies there, no constitution, no law, no court can save it.” – Justice Learned Hand

    There is IMHO an urgent need to heavily reduce the government’s ability to spy on citizens and their communications. This bill does the opposite.

    Vote: Thumb up 3 Thumb down 1 You need to be logged in to vote
  2. Yoza (3,053 comments) says:

    A serious crime
    occurs, such as
    murder or drug

    Murder, rape, kidnapping, causing grievous bodily harm are serious crimes. Drug manufacturing is providing a service to a ready market, the drug manufacturing industry needs regulating rather than criminalising.

    Using bogeymen, like organised drug syndicates, to legitimatise an excessively intrusive surveillance regime is developing a prison camp mindset. I think this is supposed to create a chilling effect where anyone involved in political dissent (reflexively defined as a threat to national security by the GCSB) should assume they are being monitored.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  3. dave_c_ (861 comments) says:

    Ah, but “it is for your own benefit and safety” – yer right

    Vote: Thumb up 1 Thumb down 0 You need to be logged in to vote
  4. Yoza (3,053 comments) says:

    H. L. Mencken: “The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary.”

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  5. davidp (3,866 comments) says:

    >As a last resort, where network operators and the GCSB are unable to agree on how to respond to a network security risk, Clause 54 of the Bill currently provides that the responsible Minister may issue a direction.

    This is a bad bill. Public servants and Ministers shouldn’t be making operational decisions regarding the IT security of private companies, especially private companies like Telecom and Vodafone who employ hundreds of engineers and IT security professionals who specialise in designing and operating telecommunications infrastructure.

    It’s also a pointless bill, since most over-the-top services that people use are based elsewhere in the world. We can pass legislation to apply to every cloud based technology company or service provider, no matter where in the world they are. But sooner or later they’re going to tell the NZ government to fuck off. Are we prepared to set up a Great Firewall of NZ and stop NZers accessing Google, GMail, and YouTube?

    Lastly, the idea of combining an intelligence agency with cybersecurity is just wrong. These functions are opposed to each other. Split them apart and relocate cybersecurity somewhere sensible where it can be open, can work with business and citizens, and where its objectives will include securing IT systems rather than weakening them just enough that they can be monitored by government.

    Vote: Thumb up 1 Thumb down 0 You need to be logged in to vote