The New Zealand government has softened its contentious network surveillance bill by removing a ban on operators selling overseas services in the country if they are deemed in breach of national security requirements.
Communications and information technology minister Amy Adams yesterday tabled a supplementary order paper (PDF) with changes to the proposed Telecommunications (Interception Capability and Security) Bill (TCIS), based on feedback from from the public and the industry as well as recommendations from the parliamentary Law and Order select committee.
The bill requires that network operators working in New Zealand facilitate interception of traffic by domestic security agencies.
Adams has removed clause 39 of the TICS bill in the SOP, which allowed the responsible minister to prevent network operators from selling overseas telecommunications services in New Zealand if the interception capability or lack thereof threatened national security.
Adams declined to exempt from the new law overseas service providers that offer messaging.
Google, Yahoo, Facebook and Microsoft had protested that the proposed TICS law would conflict with privacy and other legislation in their home countries and threaten the IT industry in New Zealand.
However Adams said the administrative process would ensure that such conflicts would be addressed and did not agree that existing or alternative arrangements were sufficient to achieve the objectives of the proposed new law.
Secrecy around the process of the proposed new law will be strengthened, Adams said. New provisions that allow classified security information to be presented "in the absence of named parties such as journalists and members of the public" will be introduced.
Providers that do not comply with the proposed new law, which is expected to pass this week, face pecuniary penalties.
The chief executive of Kim Dotcom's Mega, Vikram Kumar, points out that removing clause 39 will have little actual effect.
"Clause 39 was intended to apply to overseas telecommunication services resold in New Zealand. This is opposed to service providers which are defined as both local and overseas suppliers of telecommunication services sold to end users directly," Kumar explains.
"Take a company like Microsoft with Skype or Apple with iMessage. In both these cases, there is a direct customer relationship with the end user. Hence, these companies are service providers under the TICS Bill and removal of clause 39 has no impact on them or their obligations under TICS," Kumar adds.
Virtual private networks by overseas suppliers sold to local telco customers would also be caught by TICS and its standard compliance framework, Kumar says, with New Zealand courts being able to impose penalties.
"This would have required over the top providers of "uncrackable" software to either allow the NZ government access to the system or face not being allowed to sell the product or service in New Zealand. That would have seen Apple's iMessage, Mega's online service and countless others excluded from the New Zealand market," Brislen told iTnews.
Spy agency to vet network procurements
"The GCSB is an intelligence gathering organisation and that means it will be internally conflicted when it comes to helping network operators patch security flaws - international best practice is to separate the two roles into two different parts of government", Brislen says.
"For instance, National Security Agency in the United States does not run the Computer Emergency Response Team, which has a role similar to that proposed for the GCSB in terms of network security," Brislen added.
"Telcos need to be left to make buying decisions that are best for the telco in question - that is the only way to ensure we have an efficient network build. Having a government agency decide what can and can't be built in or left out means added cost and delays for the telcos and that cost will be passed on to customers," he said.