Hello NZNOG list, Some months ago I emailed to the list about my plan to produce a legal manual/critical to guide to the TICSA legislation for network operators/the list. I got some feedback from people on this list and outside of it that there was interest in such analysis and some highlighted a number of particular issues to look into/affecting them. My original hope was to have it completely edited and ready to share to the list about this time - I know updated guidance was/is planned to be released by the NCSC soon (or has already been released). Well, Im still going at it but it is proving difficult topic to write about and finish into a usable and credible form. My text is currently 6500+ words - and I think there are definitely some genuinely some useful or novel things for consideration but it is also all over the place. Initial feedback on the very rough draft was that it doesn’t seem clear exactly exactly who I am writing for - seeming like a mix of legal academic essay and direct practical consideration for network operators and also partly political content about the nature of bureaucracy in this area (the latter Ive decided to cut out as much as possible. I believe writing about this topic is difficult because I realised I don’t know much about what the worklife of a network operator of a truly large network is actually like at all. I have read/seen most all of the publicly available information - close reading of the legislation and related legislation, NCSC guidance, information from this list and so on. None of the technical people I know are network operators. It is hard to gauge what the level/type of interaction with the Agency is actually like broadly. I really don’t want to inadvertently publish any bullcrap technical claims and there is plenty of cyber-paranoid stuff out there already. So, I digress- I am visiting Wellington later this month (28th-31st May) and I would love to get insight from a network operator(s) over beer/coffee/water. I am actually less interested in what TICSA compliance has been like for you - and I don’t expect or want you to “leak” anything or disclose anything - but to hear more about the worklife of a network operator in general day to day that would come under examination in any potential legal proceeding under TICSA. To give a quick preview of my text, it focuses on the fundamental importance of good faith in the legislation to protecting you from any worst case scenario from alleged non-compliance. It considers what remaining in good faith could look like in a situation of alleged non-compliance and what variety of reasons or events could lead to non-compliance while good faith has been retained by the network operator. This depends on a lot on getting an understanding your workflow and obligations and what kind of people are you expected to report to and way that evidence accumulates in your day - much like in any employment situation or potential examination/dispute. There is very limited legal precedent to what Good Faith actually is from legislation and case law around the issue of employment and law and collective bargaining. How good faith might be interpreted involving network operators dealings with the Agency is a very open question and something all network operators ultimately have an interest in. I will say that the guidance provided to you by the NCSC guidance is not legal binding guidance and makes particular assumptions about the nature of good faith. It is very possible that this entire law will never effectively see a day in court if the narrative that this regulation is intrinsically a piece of national security and good faith flatly means following the Agency’s commands or striving to meet their interpretation of compliance. I do not think this is correct nor is anyway certain. I will add though, an actual Court case under this legislation’s confidentiality and evidential provisions will attempt to turn a civil court into a “Secret Court” like FISA this Country has never really seen and will intimidate the most experienced of lawyers, Judges and Court staff - there is a huge impetus to avoid this situation, and hopefully this can be put more in the network operators favour, rather than to scare them. I invite you to email me off-list if you want to meet, or to email on-list to propose a venue/time on-list for people to chat as a group. Happy Budget day, ___________ Beau Murrah Ph: +64 27 375 7897 Email: bmurrah(a)icloud.com mailto:bmurrah(a)icloud.com - PGP: https://keybase.io/airbridge https://keybase.io/airbridge Linkedin: https://www.linkedin.com/in/bmorganmurrah https://www.linkedin.com/in/bmorganmurrah Enrolled Barrister and Solicitor of the High Court of New Zealand (NB: not a lawyer https://www.lawsociety.org.nz/for-lawyers/joining-the-legal-profession/admit...)