So if you want to deploy a new BGP edge and and try a new vendor, you have to ask their permission first? Who the hell are they to even know what is good or not for your network or the capabilities you might be trying to achieve? ...Skeeve *Skeeve Stevens - *eintellego Networks Pty Ltd skeeve(a)eintellegonetworks.co.nz ; www.eintellegonetworks.co.nz Phone: +612 8014 7398; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellegonetworks ; http://twitter.com/networkceoau linkedin.com/in/skeeve twitter.com/theispguy ; blog: www.theispguy.com The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering On Mon, May 12, 2014 at 3:56 PM, Alexander Neilson

wrote:

There are some exemptions etc to it.

However essentially your NOC, Core Network, Gateways / Interconnects, Customer Databases, Network Authentication systems, etc all require not just notification but their approval of your change.

If they don’t like the change then they make you change it or threaten to fine you.

It gets better, this was an update to the “Interception Capability” laws over here.

Regards Alexander

Alexander Neilson Neilson Productions Limited

alexander(a)neilson.net.nz 021 329 681 022 456 2326

On 12/05/2014, at 5:50 pm, Skeeve Stevens wrote:

Hang on... is this serious?

You aren't allowed to upgrade some equipment without informing the GCSB unless it is the same make and similar model?

How did this ACT get through?

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve(a)eintellegonetworks.co.nz ; www.eintellegonetworks.co.nz Phone: +612 8014 7398; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellegonetworks ; http://twitter.com/networkceoau linkedin.com/in/skeeve twitter.com/theispguy ; blog: www.theispguy.com

The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering

On Mon, May 12, 2014 at 2:59 PM, Dean Pemberton wrote:

...

Hey all,

So the TICSA came into effect today.

Things to remember: The Act requires that network operators register their information with the Police Registrar. Details here:

http://www.police.govt.nz/about-us/programmes-and-initiatives/telecommunicat...

The NCSC has also produced some guidance for Network Operators which is worth a read.

http://ncsc.govt.nz/assets/TICSA/NCSC-Guidance-for-Network-Operators.pdf

The GCSB have also published a list of exceptions for Operators with regard to what you're required to notify them of.

http://ncsc.govt.nz/assets/TICSA/Notice-of-Exemptions.pdf

As you were =) _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

---- On Mon, 12 May 2014 18:56:46 +1300 Alexander Neilson <alexander(a)neilson.net.nz> wrote ---- There are some exemptions etc to it. However essentially your NOC, Core Network, Gateways / Interconnects, Customer Databases, Network Authentication systems, etc all require not just notification but their approval of your change. Or any part of your network crossed by at least 15% of your total traffic. Which in a traffic-engineered network may be a lot of your topology. Especially if they choose to include failure cases. This list's AUP doesn't permit discussion mainly legal in character, but this stuff is a real operational issue. Any operator working in New Zealand needs to apply themselves to working out what's going on. - Donald Neal (Speaking only for himself.) On 12/05/2014, at 5:50 pm, Skeeve Stevens <skeeve(a)eintellegonetworks.co.nz> wrote: Hang on... is this serious? You aren't allowed to upgrade some equipment without informing the GCSB unless it is the same make and similar model? How did this ACT get through? ...Skeeve Skeeve Stevens - eintellego Networks Pty Ltd skeeve(a)eintellegonetworks.co.nz ; http://www.eintellegonetworks.co.nz/ Phone: +612 8014 7398; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellegonetworks ; linkedin.com/in/skeeve twitter.com/theispguy ; blog: http://www.theispguy.com/ The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering On Mon, May 12, 2014 at 2:59 PM, Dean Pemberton <nznog(a)deanpemberton.com> wrote: Hey all, So the TICSA came into effect today. Things to remember: The Act requires that network operators register their information with the Police Registrar. Details here: http://www.police.govt.nz/about-us/programmes-and-initiatives/telecommunicat... The NCSC has also produced some guidance for Network Operators which is worth a read. http://ncsc.govt.nz/assets/TICSA/NCSC-Guidance-for-Network-Operators.pdf The GCSB have also published a list of exceptions for Operators with regard to what you're required to notify them of. http://ncsc.govt.nz/assets/TICSA/Notice-of-Exemptions.pdf As you were =) _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Thanks Mark. Yep. This wouldn't be a surprise for anyone who was at the conference where the two GCSB guys went through this step by step and took tons of feedback from the audience. See how important those conferences are? Dean On Monday, May 12, 2014, Mark Foster wrote:

No Joke, Skeeve.

There was a talk at the last NZNOG about it, the two guys at the front of the room from GCSB (hi, guys!) got a bit clobbered by the room.

A quick google presented this URL:

http://blog.altan.me/ticsa-overview/

... which has the video and a very high level set of bullets about what it entails.

The legislation was passed whilst parliament was sitting 'under urgency', and here we are.

The GCSB guys have been working hard to try to make it reasonable, but the law itself is the issue and I personally feel that passing it 'under urgency' was a bit cheeky and underhanded. So they're doing their best with the hand they were dealt.

Thing is, it's now law, so we have no choice but to abide by it. The mandate is around national security, so we can only presume that GCSB have some good intel sources and their pool of learned engineers will be looking for actual potential risks to national security. I gather they will simply raise concerns, where possible providing as much information as possible as to why the item raised is a concern, and seek to ensure that appropriate mitigation measures are put in place.

I for one will be interested to see what happens when the full force of this particular piece of law is first tested.

Mark.

On 12/05/2014 5:50 p.m., Skeeve Stevens wrote:

Hang on... is this serious?

You aren't allowed to upgrade some equipment without informing the GCSB unless it is the same make and similar model?

How did this ACT get through?

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve(a)eintellegonetworks.co.nz ; www.eintellegonetworks.co.nz

Phone: +612 8014 7398; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ; linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com

The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering

On Mon, May 12, 2014 at 2:59 PM, Dean Pemberton wrote:

Hey all,

So the TICSA came into effect today.

Things to remember: The Act requires that network operators register their information with the Police Registrar. Details here:

http://www.police.govt.nz/about-us/programmes-and-initiatives/telecommunicat...

The NCSC has also produced some guidance for Network Operators which is worth a read.

http://ncsc.govt.nz/assets/TICSA/NCSC-Guidance-for-Network-Operators.pdf

The GCSB have also published a list of exceptions for Operators with regard to what you're required to notify them of.

http://ncsc.govt.nz/assets/TICSA/Notice-of-Exemptions.pdf

As you were =) _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

They simply want to make sure you're running the right equipment: http://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-... “Always eyes watching you and the voice enveloping you. Asleep or awake, indoors or out of doors, in the bath or bed- no escape. Nothing was your own except the few cubic centimeters in your skull.” ― George Orwell http://www.goodreads.com/author/show/3706.George_Orwell, *1984 http://www.goodreads.com/work/quotes/153313*

In case anyone didn't follow the link... April 1 ... “Happy April Fools.” ...Beer :) On 14/05/14 11:48, Dean Pemberton wrote:

Sorry George... thats not even true anymore.

This article from the very beginning of April this year.

Dean I think the issue here is that its almost become so bad that those are believable ;-) Regards Alexander Alexander Neilson Neilson Productions Limited alexander(a)neilson.net.nz 021 329 681 022 456 2326 On 14/05/2014, at 11:53 am, Dean Pemberton wrote:

Pfffft, like "from the very beginning of April this year" didn't telegraph that enough =P

On Wed, May 14, 2014 at 11:52 AM, Clark Mills wrote:

...

In case anyone didn't follow the link...

April 1 ... “Happy April Fools.”

...Beer :)

On 14/05/14 11:48, Dean Pemberton wrote:

...

Sorry George... thats not even true anymore.

This article from the very beginning of April this year.

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

---- On Mon, 02 Jun 2014 16:54:59 +1300 Matthew Moyle-Croft <mmc(a)mmc.com.au> wrote ---- On 11 May 2014, at 9:59 pm, Dean Pemberton <nznog(a)deanpemberton.com> wrote: > Hey all, > > So the TICSA came into effect today. > > Things to remember: > The Act requires that network operators register their information > with the Police Registrar. Details here: > http://www.police.govt.nz/about-us/programmes-and-initiatives/telecommunicat... Anyone know if this includes, say, a CDN deployment? MMC Matthew, If you mean, do you need GCSB permission for one, that depends on how big it is. If it may carry 15% of your traffic ( http://ncsc.govt.nz/assets/TICSA/NCSC-Guidance-for-Network-Operators.pdf page 13) ,the answer's likely to be yes. - Donald Neal