Story image

REVEALED: Dirty deal between NZ telcos and the GCSB...

18 Sep 2014

The relationship between New Zealand's spy agency the GCSB and local telcos are governed by the TICSA (Telecommunications Interception Capability and Security Act 2013).

Passed on November 11, 2013 by the National government, the legislation came into effect on February 11 this year, with every telco operating in New Zealand having three months to become compliant.

It covers the responsibilities of all New Zealand telcos to the government surveillance agencies, with the overall objective described as:

"The purpose of this Act in relation to interception capability is to ensure that surveillance agencies are able to effectively carry out the lawful interception of telecommunications under an interception warrant or any other lawful interception authority."

It essentially forces telecommunications companies when asked by government surveillance agencies to develop, install and maintain full interception capabilities across their networks.

More specifically, when presented with an interception warrant or any other lawful interception authority, the telco must be willing and able to:

(a) provide a suitable access point in its public telecommunications network or service for interception equipment:

(b) co-operate with authorised persons and allow them access to its premises:

(c) provide sufficient environmentally controlled space to house the interception equipment or provide sufficient backhaul to a suitable location where the equipment can be housed.

To apply for interception, all surveillance agencies must demonstrate to the Minister that this is an adverse affect on national security or law enforcement.

Some interesting points from the act:

- Each telco must nominate a suitable employee to apply for a secret-level government-sponsored security clearance.

- The cost of intercepting this communication and providing the data to the GCSB is generally borne by the telco.

- Telcos with smaller than 4,000 customers don't have as strict a criteria under the act.

- The Police registrar maintains a register of telcos and their network designs.

- Each year or if changes are made the telcos network they must update the registrar.

- The CEO of each telco must sign an annual certificate confirming that the information contained is true and correct.

- The courts can order a telco to pay pecuniary (financial) damages to the crown for non-compliance with the act.

Two things you need to consider:

While the act means that government surveillance agencies 'can' force telcos into this type of surveillance, it doesn't show that actual equipment is installed.

This is probably how the Southern Cross Cable CEO and others can claim they have no equipment on their network.

There maybe no equipment right now, but the government can install it at anytime....

Yamaha unveils simplified UC deployments
"In this fast-paced world, meeting participants need to be able to feel comfortable and hear those on the far end clearly to brainstorm new ideas and accomplish goals."
French cloud giant sets up shop in two APAC data centres
OVH Infrastructure has expanded its public cloud services in the Asia Pacific (APAC) market operating from two data centres within the region.
Jobs of the future: Will humans outmatch AI co-workers
"Regardless of how the workforce changes, automation, data and algorithms will complement rather than replace human employees."
How IBM’s acquisition of Red Hat could impact your business
The acquisition is pending regulatory approval, but IBM expects the deal to close in the second half of 2019. 
SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Google doubles down on hybrid cloud strategy
CSP is a platform that aims to simplify building, running, and managing services both on-premise and in the cloud.
Why NSP adoption of ECX Fabric is on the rise
ECX Fabric aims to enable networks to streamline their access to the world’s largest cloud providers.
Cloud data warehouse trends and best practices
"TDWI sees a wide range of data-driven IT systems moving to the cloud aggressively, and this includes the data warehouse."