The second of the weekend’s must-read pieces. This one is by Vikram Kumar (CEO of Mega) published in the NBR. Here are some extracts:
Revealed: govt plans secret orders to service providers once spy bill becomes law
[Since the the first draft of the legislation, we have known the TICS Bill - the companion legislation to the GCSB Bill - makes it mandatory for telecommunications network operators (e.g. Telecom, Vodafone, 2degrees) to make their networks interceptable. The Bill leaves it to the ICT Minister's discretion whether this provision is extended to cover service providers - defined as companies that provide a telecommunications service, but that do not operate a network. Examples of service providers include ISPs, plus the likes of Microsoft with its Skype service, Google with Talk and Hangouts and Apple's FaceTime and iMessage. Almost any online service is on the table - Editor]
The government is planning to issue secret orders to service providers when the Telecommunications (Interception Capability and Security) Bill (“TICS Bill”) becomes law to force them to create interception capability for surveillance agencies. This has been approved by cabinet and is therefore official Government policy.
What’s not clear is if the mechanism of a Ministerial directive will also be used to gag the service provider? Or is the secrecy merely a guise to allow compliant service providers to pretend they haven’t been forced to create a backdoor for the government? …
In response to a request under the Official Information Act in my personal capacity, I received nine documents and merged them into one. The combined document can be viewed or downloaded from Scribd. …
Para 104 of the December 2012 “Technical Paper: Telecommunications Interception Capability and Network Security” by MBIE (page 19 of the combined document); para 109 of the paper to the Cabinet Committee on Domestic and External Security Coordination (page 62); and para 37 of the Cabinet paper (page 74) all confirm the same thing:
A Ministerial directive will be used to secretly/confidentially impose an obligation to create interception capabilities by individually named service providers (referred to as “deem-in” but what I call a backdoor) “so as not to publicly announce a lack of capability in a particular service.”
The Government is therefore going to be using secret orders to specific service providers directing the creation of interception capability, allowing real-time access by surveillance agencies …
Rather than seize the moment to be a global leader in enacting sensible, proportionate and effective laws, the Government is making laws ‘just in case’ they are required in the future, with no evidence that service providers are part of the problem. I hope others will join me in calling for the Government to not go down this path. Once trust is lost, getting it back is going to be difficult if not impossible.
Former State Services Commission strategy & innovation manager and InternetNZ chief executive Vikram Kumar is CEO of Mega. He wrote and researched this article in a personal capacity. He posts at Internet Ganesha.
Go read the full piece in the NBR.