Adam posted this to the ISIG list and since he isn't on NZNOG I'm cross-posting it here. I think it's a pretty good summary of what is wrong. Sorry to anyone who got this already.
Yeah, its my reading that the intercept stuff is actually pretty reasonable; lower requirements for small operators, more clarification on how you can share kit/responsibility/etc with wholesale providers etc etc. All seems sensible. Its the "network security" bits that seem mad; I don't even really understanding reading the text of the bill what its supposed to mean. You as a network operator have to ask the GCSB permission to change or outsource or do anything to an "area of specified security interest", which is defined as: * your NOC * your LI kit * any where you "manage or store" * aggregated customer information or credentials * admin credentials * anywhere you store lots of data You're supposed to tell the bureau when you eg, switch to LDAP-without-SSL auth for your linux boxes, in enough time for them to tell you its a bad idea. And then if they do, you're suppsed to .... do what they say. Similarly they can turn up and say "you shouldnt do thing because REASONS". And you have to do what they say? (if we substitute "ldap without ssl" for "buy a huawei LTE cellnet core", we can clearly see this is working well ha ha) But basically you (network operator) have to ask permission to do anything at all with your networ, and they can just tell you what to do, and if you have any issue with it, there's a secret, classified court/appeals process where they dont have to tell you even why. And then there's the whole "we can ban services you might offer that we dont like because REASONS", which, i dunno, seems to compare poorly with our free market, WTO friendly, parallel-import-for-lyfe approach? I dont even. I fail to understand how any of this is going to improve actual security; we all on this list know what Reality is like, and I fail to see how compliance with this law would improve things, and its certainly going to make Network Operators (of which the definition of which is super unclear) lives miserable. Madness. <end>