Story image

REVEALED: Dirty deal between NZ telcos and the GCSB...

18 Sep 14

The relationship between New Zealand's spy agency the GCSB and local telcos are governed by the TICSA (Telecommunications Interception Capability and Security Act 2013).

Passed on November 11, 2013 by the National government, the legislation came into effect on February 11 this year, with every telco operating in New Zealand having three months to become compliant.

It covers the responsibilities of all New Zealand telcos to the government surveillance agencies, with the overall objective described as:

"The purpose of this Act in relation to interception capability is to ensure that surveillance agencies are able to effectively carry out the lawful interception of telecommunications under an interception warrant or any other lawful interception authority."

It essentially forces telecommunications companies when asked by government surveillance agencies to develop, install and maintain full interception capabilities across their networks.

More specifically, when presented with an interception warrant or any other lawful interception authority, the telco must be willing and able to:

(a) provide a suitable access point in its public telecommunications network or service for interception equipment:

(b) co-operate with authorised persons and allow them access to its premises:

(c) provide sufficient environmentally controlled space to house the interception equipment or provide sufficient backhaul to a suitable location where the equipment can be housed.

To apply for interception, all surveillance agencies must demonstrate to the Minister that this is an adverse affect on national security or law enforcement.

Some interesting points from the act:

- Each telco must nominate a suitable employee to apply for a secret-level government-sponsored security clearance.

- The cost of intercepting this communication and providing the data to the GCSB is generally borne by the telco.

- Telcos with smaller than 4,000 customers don't have as strict a criteria under the act.

- The Police registrar maintains a register of telcos and their network designs.

- Each year or if changes are made the telcos network they must update the registrar.

- The CEO of each telco must sign an annual certificate confirming that the information contained is true and correct.

- The courts can order a telco to pay pecuniary (financial) damages to the crown for non-compliance with the act.

Two things you need to consider:

While the act means that government surveillance agencies 'can' force telcos into this type of surveillance, it doesn't show that actual equipment is installed.

This is probably how the Southern Cross Cable CEO and others can claim they have no equipment on their network.

There maybe no equipment right now, but the government can install it at anytime....

Dimension Data nabs three Cisco partner awards
Cisco announced the awards, including APJ Partner of the Year, at a global awards reception during its annual partner conference.
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
Rimini Street hits NZ shores with new subsidiary
The third-party support provider for Oracle and SAP has opened a new Auckland-based office and appointed Sean Jones as NZ senior account executive.
Why the adoption of SAP is growing among SMEs
Small and medium scale enterprises are emerging as lucrative end users for SAP.
Exclusive: How the separation of Amazon and AWS could affect the cloud market
"Amazon Web Services is one of the rare companies that can be a market leader but remain ruthlessly innovative and agile."
HPE extends cloud-based AI tool InfoSight to servers
HPE asserts it is a big deal as the system can drive down operating costs, plug disruptive performance gaps, and free up time to allow IT staff to innovate.
Digital Realty opens new AU data centre – and announces another one
On the day that Digital Realty cut the ribbon for its new Sydney data centre, it revealed that it will soon begin developing another one.
A roadmap to AI project success
Five keys preparation tasks, and eight implementation elements to keep in mind when developing and implementing an AI service.