Hi list(s)

The Government is pushing through this amended bill under urgency - along with the GCSB Amendment bill. I've only had a quick read but it already made me feel pretty angry.

Instead of just bitching about it on IRC and Twitter and at bus stops to confused elderly people, I thought I'd try and do something - and I had a chance to speak with Clare Curran (Labour MP) recently about it. She suggested she would support fighting / commenting against this bill, with help and advice.

The problem is most people voting for it have no idea what it means or is for. We (you - Network Operators and IT Professionals, hi!) need to advise and talk and share information about what these changes really mean - and if they're good.

The Tech Liberty NZ website has some good reading and a bit of a summary on the TICS Bill - http://techliberty.org.nz/govt-proposes-gcsb-control-over-nz-communications-...

and the Scoop links to the full bills are here:
http://img.scoop.co.nz/media/pdfs/1305/Telecommunications_InterceptionCapabi...
http://img.scoop.co.nz/media/pdfs/1305/wstGovernment_Communications_Security...

TL;DR: The new TICS bill has some changes that could impact the way you do networking in New Zealand - and if you care you should say something.

Beers,
--
// Mike
On 10/05/2013 10:23 a.m., Mike Forbes wrote:
Hi list(s)
The Government is pushing through this amended bill under urgency - along with the GCSB Amendment bill.
<snip>

I'd be interested to hear/read technical analysis and comments on what the bill entails so if anyone's interested, please contact me off list.

Had a long chat with the MBIE about it: http://www.itnews.com.au/News/340832,nz-telcos-face-new-obligations-under-in...

Would be good to get industry input too.

Thanks

Hei konā mai,
--
Juha Saarinen
AITTP
Twitter: juhasaarinen
http://juha.saarinen.org
On 10/05/13 10:32, Juha Saarinen wrote:
nz-telcos-face-new-obligations-under-interception-law.aspx
The whole bit about carriers being forced to break encryption is daft ... or scaremongering. We've got a pretty good record in this country of not filling our judiciary with gibbering idiots bent on shutting down our infrastructure over a legal technicality. No court is going to require any organisation to do something that is impossible for it to do. You don't need to write that into a specific act; it's a part of the very fabric of the law.

This review has been going on for yonks. As I recall, talking to the MED folks a couple of years ago, the major issues were around how interception warrants would be handled by carriers, as the current procedures work for a small number of large players. This was more to do with who in a carrier could be trusted to receive and act on a warrant than with the technical measures required.

I too would like to see a sober, technical discussion of exactly what the bill changes.

-- don
We’ll just tell our clients to implement full encryption on top of their telco links.

By the way, the GCSB has been under the covers telling every government department (which still talks to them) that they should stop using their current IT security consultants. This bill seems to be in the same line of thought which would be as I read it “use the GCSB as your IT security consultants so we know everything that’s happening”.

*From:* discussion-bounces(a)lists.isig.org.nz [mailto: discussion-bounces(a)lists.isig.org.nz] *On Behalf Of *Mike Forbes
*Sent:* Friday, 10 May 2013 10:23
*To:* nznog; NZISIG Discussion
*Subject:* [NZISIG] TICS bill passing under urgency
Adam posted this to the ISIG list and since he isn't on NZNOG I'm cross-posting it here. I think it's a pretty good summary of what is wrong. Sorry to anyone who got this already.
Yeah, it's my reading that the intercept stuff is actually pretty reasonable; lower requirements for small operators, more clarification on how you can share kit/responsibility/etc with wholesale providers etc etc. All seems sensible.

It's the "network security" bits that seem mad; I don't even really understand, reading the text of the bill, what it's supposed to mean.

You as a network operator have to ask the GCSB permission to change or outsource or do anything to an "area of specified security interest", which is defined as:

* your NOC
* your LI kit
* anywhere you "manage or store"
  * aggregated customer information or credentials
  * admin credentials
* anywhere you store lots of data

You're supposed to tell the bureau when you eg, switch to LDAP-without-SSL auth for your Linux boxes, in enough time for them to tell you it's a bad idea. And then if they do, you're supposed to .... do what they say.

Similarly they can turn up and say "you shouldn't do thing because REASONS". And you have to do what they say?

(if we substitute "ldap without ssl" for "buy a Huawei LTE cellnet core", we can clearly see this is working well ha ha)

But basically you (network operator) have to ask permission to do anything at all with your network, and they can just tell you what to do, and if you have any issue with it, there's a secret, classified court/appeals process where they don't have to tell you even why.

And then there's the whole "we can ban services you might offer that we don't like because REASONS", which, I dunno, seems to compare poorly with our free market, WTO friendly, parallel-import-for-lyfe approach? I don't even.

I fail to understand how any of this is going to improve actual security; we all on this list know what Reality is like, and I fail to see how compliance with this law would improve things, and it's certainly going to make Network Operators' (of which the definition of which is super unclear) lives miserable.

Madness.

<end>
participants (4): Don Stokes, Florent Bouron, Juha Saarinen, Mike Forbes