What I think is missing here is where providers have a standard system they have used with the same hardware before May 11th. These were decisions made beforehand, no change to deployment, or not covered by an area of specified security interest. How many people on this list would have changed the manufacturer / type of equipment used in the NOC / core network that meets the threshold in 6 months? IANAL However from my lay reading of the guidance and exemptions continuing to use the exact same systems as were decided on and deployed prior to 11 May would not require a notice and replacing dead hardware with the same thing doesn’t require this notice either. So I am not sure that a low number of notifications is an odd thing unless people had major changes to their core and a short run time to make these changes. Others may want to chime in with their experiences. Regards Alexander Alexander Neilson Neilson Productions Limited alexander(a)neilson.net.nz 021 329 681 022 456 2326

On 25/11/2014, at 11:51 am, Dave Mill wrote:

I'm actually surprised that our GCSB overlords haven't done something like this sooner. To me it seems pretty obvious that not all network providers are using/following the new guidelines. And much better an email like this one than a proper slap by the NCSC/GCSB.

To explain my logic without giving too much away.

We are a small ISP. We have submitted proposals under this new law. Lets call our number of proposals X.

At a technical conference recently the GCSB were able to share with us their rough total number of proposals. That number was also reasonably obvious from the proposal numbering system the NCSC use. Lets call this number Y.

Y wasn't that much bigger than X. I'm talking 5 or 6 times bigger from memory.

We have spent a lot of time and effort in following this new legislation. I think its only fair that others do also (lets not debate whether we needed the legislation here). And with the numbers talked about so far I think its pretty clear that some organisations out there aren't following this new legislation.

At the very least (based on Ray's comments) most network operators should be submitting at least 5 - 10 standard builds each IMHO.

Cheers Dave

On Mon, Nov 24, 2014 at 8:30 PM, Ray Taylor mailto:ray(a)ruralkiwi.com> wrote: I am assuming this refers to notifications about equipment changes, vendor suppliers etc?

It may come as a surprise to these people but most network operators create standards and stick to them!

Ray Taylor

Taylor Communications

ray(a)ruralkiwi.com mailto:ray(a)ruralkiwi.com

Ph 021-483-280

Network status 06-929-9082

From: TICSA [mailto:TICSA(a)ncsc.govt.nz mailto:TICSA(a)ncsc.govt.nz] Sent: Monday, 24 November 2014 3:21 p.m. To: TICSA Subject: Letter to Network Operators 24 Nov 2014

Dear Network Operator

Please find attached a letter to all network operators. This letter shares our surprise at the low number of notifications received from registered network operators to date. We want to reinforce that we are here to support you in meeting your obligations under the TICSA.

We thank those network operators who have actively engaged with us under the TICSA since May.

Kind regards

From the TICSA Team

This electronic message, together with any attachments, contains information that is provided in confidence and may be subject to legal privilege. Any classification markings must be adhered to. If you are not the intended recipient, you must not peruse, disclose, disseminate, copy or use the message in any way. If you have received this message in error, please notify us immediately by return email and then destroy the original message. The Government Communications Security Bureau (GCSB) accepts no responsibility for changes to this e-mail, or to any attachments, after its transmission from GCSB. Thank you.

This email has been filtered by SMX. For more information visit smxemail.com http://smxemail.com/ _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz mailto:NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Absolutely a good idea. Speaking of NZNOG; is the programme far away? (business cases and purchase orders require some justifications and time is ticking on...) On 28/11/2014 2:01 p.m., Dean Pemberton wrote:

I'm not a lawyer either, but I do have an idea.

It's late November... It's pretty clear that TICSA notifications only relate to network changes, and most of you are about to enter brownout periods. If you're not you should be, but thats another story, just let me know so I can change ISPs.

That should take us through until the first or second week of January, and we have a conference at the end of Jan.

I'm going to propose that we get the TICSA team from GCSB along to the conference so that we can have some of these discussions in person and get them all straight in everyones mind.

They can explain why they think the industry isn't reporting enough, and the industry can ask questions around which areas of reporting are exempt.

It's clear now that TICSA is a reality and everyone needs to have an understanding of what that means for them.

Happy to look out a tame lawyer too, but I think it'll just increase the NZNOG registration price by Nx7min blocks =P

Sound like a plan?

On 28/11/2014, at 8:49 pm, neals5 wrote:

---- On Fri, 28 Nov 2014 14:01:25 +1300 Dean Pemberton wrote ----

...

I'm not a lawyer either, but I do have an idea.

It's late November... It's pretty clear that TICSA notifications only relate to network changes,

For a value of "network changes" which includes OSS (AAA) and BSS (billing and anywhere else data about customers resides) and includes changes not yet made.

- Donald Neal

True. However any decisions made by may 11 excluded. And people knew this so likely to be made. Then also excluding any same kit changes. So I would expect more to come through next year now the new exemptions have taken effect (anyone done a track changes on the may and November versions)? Also people who pre loaded their 2014 changes will have some 2015 changes coming up. Also they new IX's may trigger some notifications if people have large amounts of traffic over peering then having to notify so the spooks can start to tap the new links.

Hello there- A lawyer signal? I am a recent law graduate and soon to be admitted as a Barrister and Solicitor, based in Otago. I would love to attend the conference and contribute to any discussions/workshops about the topic of being legally compliant with and legally protected from the NCSC. You will be safe because I won’t have been admitted to the Bar by that time and thus legally can’t charge out services as a lawyer yet. Anyways, I am a very big supporter/fan of the Electronic Frontier Foundation in the United States which has done quite a bit of work around these kinds of legal issues of often costly and unclear national security regulations in telecommunications, which can stifle innovation in the wider scheme of things. I have read over the TICSA Act and GCSB quite a bit for research about legal issues relating to TOR Exit Relays. Quite passionate about this topic. Would there be interest in having a group meeting/workshop around this topic at the Conference? --- Me: nz.linkedin.com/in/bmmurrah http://nz.linkedin.com/in/bmorganmurrah/ Email: bmurrah(a)icloud.com PGP: https://keybase.io/airbridge https://keybase.io/airbridge Landline: +643 260 2600 Mobile: +6427 375 7897

On 28/11/2014, at 2:01 pm, Dean Pemberton wrote:

I'm not a lawyer either, but I do have an idea.

It's late November... It's pretty clear that TICSA notifications only relate to network changes, and most of you are about to enter brownout periods. If you're not you should be, but thats another story, just let me know so I can change ISPs.

That should take us through until the first or second week of January, and we have a conference at the end of Jan.

I'm going to propose that we get the TICSA team from GCSB along to the conference so that we can have some of these discussions in person and get them all straight in everyones mind.

They can explain why they think the industry isn't reporting enough, and the industry can ask questions around which areas of reporting are exempt.

It's clear now that TICSA is a reality and everyone needs to have an understanding of what that means for them.

Happy to look out a tame lawyer too, but I think it'll just increase the NZNOG registration price by Nx7min blocks =P

Sound like a plan?

On Tue, Nov 25, 2014 at 12:12 PM, Alexander Neilson wrote:

...

What I think is missing here is where providers have a standard system they have used with the same hardware before May 11th.

These were decisions made beforehand, no change to deployment, or not covered by an area of specified security interest.

How many people on this list would have changed the manufacturer / type of equipment used in the NOC / core network that meets the threshold in 6 months?

IANAL

However from my lay reading of the guidance and exemptions continuing to use the exact same systems as were decided on and deployed prior to 11 May would not require a notice and replacing dead hardware with the same thing doesn’t require this notice either.

So I am not sure that a low number of notifications is an odd thing unless people had major changes to their core and a short run time to make these changes.

Others may want to chime in with their experiences.

Regards Alexander

Alexander Neilson Neilson Productions Limited

alexander(a)neilson.net.nz 021 329 681 022 456 2326

On 25/11/2014, at 11:51 am, Dave Mill wrote:

I'm actually surprised that our GCSB overlords haven't done something like this sooner. To me it seems pretty obvious that not all network providers are using/following the new guidelines. And much better an email like this one than a proper slap by the NCSC/GCSB.

To explain my logic without giving too much away.

We are a small ISP. We have submitted proposals under this new law. Lets call our number of proposals X.

At a technical conference recently the GCSB were able to share with us their rough total number of proposals. That number was also reasonably obvious from the proposal numbering system the NCSC use. Lets call this number Y.

Y wasn't that much bigger than X. I'm talking 5 or 6 times bigger from memory.

We have spent a lot of time and effort in following this new legislation. I think its only fair that others do also (lets not debate whether we needed the legislation here). And with the numbers talked about so far I think its pretty clear that some organisations out there aren't following this new legislation.

At the very least (based on Ray's comments) most network operators should be submitting at least 5 - 10 standard builds each IMHO.

Cheers Dave

On Mon, Nov 24, 2014 at 8:30 PM, Ray Taylor wrote:

...

I am assuming this refers to notifications about equipment changes, vendor suppliers etc?

It may come as a surprise to these people but most network operators create standards and stick to them!

Ray Taylor

Taylor Communications

ray(a)ruralkiwi.com

Ph 021-483-280

Network status 06-929-9082

From: TICSA [mailto:TICSA(a)ncsc.govt.nz] Sent: Monday, 24 November 2014 3:21 p.m. To: TICSA Subject: Letter to Network Operators 24 Nov 2014

Dear Network Operator

Please find attached a letter to all network operators. This letter shares our surprise at the low number of notifications received from registered network operators to date. We want to reinforce that we are here to support you in meeting your obligations under the TICSA.

We thank those network operators who have actively engaged with us under the TICSA since May.

Kind regards

From the TICSA Team

________________________________

This electronic message, together with any attachments, contains information that is provided in confidence and may be subject to legal privilege. Any classification markings must be adhered to. If you are not the intended recipient, you must not peruse, disclose, disseminate, copy or use the message in any way. If you have received this message in error, please notify us immediately by return email and then destroy the original message. The Government Communications Security Bureau (GCSB) accepts no responsibility for changes to this e-mail, or to any attachments, after its transmission from GCSB. Thank you.

________________________________

This email has been filtered by SMX. For more information visit smxemail.com

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog