Tough NZ comms interception, network security law kicks in

By on
Tough NZ comms interception, network security law kicks in

Aussie operators in NZ must register with police.

Local and international telcos and network providers in New Zealand are now required to comply with strict and complex new communications interception and security legislation.

The new law will apply to Australian businesses and providers operating in the country, such as Vocus which runs data centres and networks in New Zealand.

Known as the Telecommunications (Interception Capability and Security) Act (TICSA), the new law requires network operators to register with the NZ Police. Similary, suppliers of a wholesale or retail  telecommunications service must provide their information to the police registry.

Registrants must tell the police their total number of connections, customers and size of their geographic coverage, and ensure that law enforcement agencies have access to customer data and connections when needed.

As part of the new law - which requires the country's main signals intelligence agency, the Government Communications Security Bureau (GCSB) to play a prime role in network and systems security - providers are now dutybound to notify the state about any design and procurement decisions before implementation, according to government guidance [PDF].

Prior to TICSA, network operators were free to design their infrastructure according to their wishes and to meet commercial demands, and to buy equipment and software from any supplier.

From this month, the GCSB has to be notified of and approve proposed changes to a provider's network operations centre, core network including gateways and interconnects as well customer databases and authentication systems.

GCSB network security vetting process schematic

Providers will also be required to have their staff vetted for security clearance. However, the GCSB will not run the security clearance process itself, and warns that this "may take a significant length of time." 

Neverthless, there are certain things that network operators are permitted to do without notifying the GCSB.

Network providers can patch and update software and firmware, and make changes to power, air conditioning and fire suppression systems.

They are also not required to inform the spy agency of emergency changes to networks, at least not immediately. Nor will providers have to notify the GCSB about home routers, servers and databases sold to customers.

Failure to comply with the new legislation, GCSB, or ministerial direction on network design and equipment, could land providers with hefty fines.

These can be as steep as NZ$50,000 (A$46,000) to NZ$500,000 a day.

The new law was slammed by web giants Google, Facebook and Microsoft last year as being from the 19th century and incompatible with international privacy legislation.

Despite this, the New Zealand government declined to exempt overseas operators from the new law.

Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
Flash is heading towards its grave, and that's...
Great! Good riddance
Sad! Flash had some good qualities
Irrelevant. I don't care
What's Flash?
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?