Hello- A long post follows that is adapted from some questions I received yesterday. These are some of my legal academic thoughts and not legal advice. My overall assessment of this very short one page TICSA Amendment Bill is that community must put energy into this process even if the Bill itself is insufficient and likely to be voted down. If it makes it past the first step there is a chance for proposing additions and changes in the form of Supplementary Order Papers and this is something to be optimistic about and contact your MP’s about. Even if the Bill fails at the first stage, there is the risk though that unless there is obvious energy put into it the whole issue reaches a state of entropy until some unforeseeable reactive event occurs where the law will finally get replaced or repealed. The Government will likely claim a lack of energy put into the Bill as evidence the status quo is acceptable, and who knows how many years it might be till the issue comes again on the Parliamentary floor for any kind of substantive change. Is this toothless? Yes, the Bill has no legal teeth in its own right in terms of statutory offences. On a personal level I must say I also think it is weak. There is no legal duty for the Minister/Director to follow the recommendations. For this could be dismissed as ineffectual. However, the Bill would creates added statutory powers and responsibilities that creative avenues legal challenge such as a judicial review of an Agency decision. Even if such a judicial review is never actualised it can start to carry weight “in the shadow of the law”. It means the Agency can be pressed to its statutory responsibilities by some entity pointing to a legal basis for their claims. I also think there is potential for the Bill to widen existing judicial review avenues elsewhere in the legislation that were very limited, given the interaction of the TAB and the Minister/Director’s duties. Consider Clause 2 of the Bill “Any matter to be referred to the Minister requesting the Minister to exercise his or her discretion or recommend the prescribing of an additional area of specified security interest must first be referred to the Technical Advisory Board for analysis and recommendations. “ If a Minister fails to refer the matter to the TAB first with enough time and detail so the TAB can give actual considered analysis and recommendations, on its face there would be breach of the Minister’s statutory responsibilities. This would tap into well established legal common law norms about the duty of consult and what that means in practice by Ministers, and open the case to judicial review in a Court. If the issue was intrusive enough on network operators this could potentially receive remedy’s in the form of injunctions on the matter at hand and form precedent for the future. I am trying to think of an example where this would be worth it economically, or in defence of rights of a NetOp or their subscribers, its not unforeseeable. A judicial review action could potentially be taken to seek an injunction on a area of security being decided while the TAB fully considers the issue. This could enforce a lag-time for compliance to allow network operators to react and plan ahead for impending decisions by the Minister. Take for example s50 of the Act: http://www.legislation.govt.nz/act/public/2013/0091/latest/DLM5626115.html <http://www.legislation.govt.nz/act/public/2013/0091/latest/DLM5626115.html> This section is closely related to the process of the Director in identifying network security risks which is relevant to the Bill. s50 also gives a list of things the Director must consider. Failing to give consideration to a mandatory consideration is a well recognised ground of judicial review of exercises of statutory power. As you can gather from the list above in the Section, its typically aimed at an enumerated list of more or less specific items. On its own an action by an individual against a public figure for merely failing to consider mandatory considerations has only a formal/technical remedy and it would be an expensive and lengthy procedure for all involved. The Agency would then, usually, only have to correct the error in some token way - such as issuing a report saying “we have consider all the relevant matters, our opinion is unchanged” - and move forward. However, the existence of this action combined with a technical advisory board gives potential for a legal entity that can bring to light a bigger picture of systemic and formal breaches that would make great copy in the newspaper or an Ombudsman-like governmental complaint if not a court judgment. Whichever of you may decide to sit on the Board (to be honest, not an entirely desirable role) would have the ability to oversee that mandatory consideration has been given on all of the ground under S50s. The Board could start issuing recommendations that align with the statutory duties and language, and force more compliance by the Agency, if it starts pointing out where this consideration hasn’t been given. This is at least one way a TAB could be applied to put the Agency on their toes like a real watchdog is supposed to. Isn’t all this going to play out in secret anyways because NatSec? If the Agency doesn’t follow any recommendations this would be secret? One issue I am interested in is use of the term “Security Interest” in the Bill and considering how much it maps onto the definition of “Security Risk” currently in the TICSA legislation, and whether this should change. The definition of security risk in the TICSA legislation is inclusive of the concept of national security but the term national security itself is not defined. This question about whether all of the risks and all of the Agencies TICSA decisions/activities are to be legally treated as national security concerns is ultimately going to decide whether TICSA plays out before and in an open civil court as the norm or whether it will go into classified operations only where sufficient evidence is provided to the Courts to justify otherwise. I am strongly of the view this is a piece of regulation which only narrowly intersects with national security. Cloaking the daily and annual grind of bureaucracy and notification schemes and compliance in national security is a wrong approach and arguably just a very easy lawyerly way of keeping the Agency out of Court. I will be writing more on this topic and releasing it in a proper text form, and am definitely planning on submitting something TICSA-related to Kiwicon. Kind regards ___________ Beau Murrah Ph: +64 27 375 7897 Email: bmurrah(a)icloud.com <mailto:bmurrah(a)icloud.com> - PGP: https://keybase.io/airbridge <https://keybase.io/airbridge> Enrolled Barrister and Solicitor of the High Court of New Zealand (NB: not a lawyer <https://www.lawsociety.org.nz/for-lawyers/joining-the-legal-profession/admitted-but-no-practising-certificate>)