Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More

Gordon Campbell | Parliament TV | Parliament Today | News Video | Crime | Employers | Housing | Immigration | Legal | Local Govt. | Maori | Welfare | Unions | Youth | Search

 

Q+A Paul Brislen and Russel Norman Interview and Amy Adams

Concerns New Spy Bill Will Hold Kiwi ICT Companies Back

Source: TVNZ – One News Story

Another spy bill making its way through Parliament is raising concerns for the future of the technology sector in New Zealand.

The Telecommunications Interception Capability and Security (TICS) Bill would, with a warrant, force telecommunications companies and online service providers like Google and Apple to give the GCSB access to users' private information.

Telcos would also have to consult with the GCSB when developing new products and services.

Telecommunications Users Association of New Zealand chief executive Paul Brislen told TV ONE's Q+A this morning that the bill could affect what international services are offered in New Zealand and may hold Kiwi companies back from making it internationally.

"The GCSB will have to advise telcos on how they build their network, which parts they add, what they remove, the structure of the network itself even presumably down to which vendors they use to build the network.

He described that consultation process as a "great concern".

"If we're out of step with most of the other places that are being innovative and developing new software products to sell overseas, New Zealand will once again miss out on the opportunities that that provides."

But Minister for Communications and Information Technology Amy Adams said Mr Brislen's fear for the New Zealand technology sector was based on misinformation that suggested the TICS bill provided a "back door" for the GCSB to gather information.

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

"If you're a network operator, you should consult with the GCSB on the design of critical parts of your infrastructure. It doesn't give the GCSB the right to veto it, it doesn't give them the right to control how the network runs, and interestingly, it doesn't apply at all to ICT companies who are service providers."

It would actually reduce the compliance cost on ICT companies, she said.

All the bill does is look at how police or other agencies, who have a warrant, work with the GCSB, Ms Adams said.

"This sort of implication that this is a great new power grab is simply wrong," she said.

"There is no back door, there is no ability for the GCSB to get extra information under this bill, there is no ability to access stored or historic data, it is
simply about real-time interception."

Real-time interception of communications is critical to solving "most, almost all" of the serious cases police deal with, she said, and as a result the bill is really about protecting New Zealanders from crime.

"And I think most New Zealanders accept there's a need for that."

Service providers already have a "duty to assist" police in their investigations under the current law, she said.

NZ's cyber security agency?

Mr Brislen and Green Party co-leader Russel Norman argued that the GCSB should not be the country's cyber security agency.

"I think the industry had a lot more faith in an arm's length industry... rather than giving a spy agency the role of oversight and management," Mr Brislen said.

Mr Norman agreed, saying that it would be difficult to look at what agencies working with the GCSB were doing.

"In terms of freedom, it's a slow moving thing. You're not going to notice tomorrow that you feel like you're more constrained."

He compared the legislation to the 1991 Building Act, saying that leaky houses didn't start appearing the next year, but ten years down the track.

"Likewise, once we give these powers to these agencies they'll grow in confidence over time and they'll start to access more and more of our data.

"Do we really want our cyber security agency to be the GCSB? Because it does have conflicts of interest."

Mega chief executive Vikram Kumar said internet users should assume that the Government is able to access everything they do on sites like Facebook, Gmail and Twitter whenever it likes.

"Assume that everything online is being recorded, stored and analysed, at least for maybe five to 10 years," he said.

Q+A, 11-midday Sundays on TV ONE and one hour later on TV ONE plus 1. Streamed live at www.tvnz.co.nz
  
Thanks to the support from NZ On Air.
Q+A is on Facebook, http://www.facebook.com/NZQandA#!/NZQandA and on Twitter, http://twitter.com/#!/NZQandA

Q+A

CORIN DANN INTERVIEWS PAUL BRISLEN AND RUSSEL NORMAN

CORIN DANN

Joining us now is Paul Brislen from TUANZ in the studio and Greens Co-Leader Russel Norman in Wellington. Good morning to you both. I’ll start with you, Paul. Why, again, should we be so worried about this legislation? Isn’t this just the mechanics of what we’ve been debating re: the GCSB Bill?

PAUL BRISLEN - Telecommunications Users Association of NZ

Well, it is, in many respects. We’ve decided we can spy on New Zealanders, and this is going to frame up how we’re going to do that. But there are a series of concerns. And, as you saw in the clip, [from Dita de Boni] how will this affect international services being offered here? How will it affect the telcos themselves? Because the GCSB gains a new role in all of this, which is oversight of the building of the networks, but also for us, we’ve got a concern around what it will mean for those companies that are based in NZ trying to sell their electronic goods overseas - whether they will be able to-

CORIN            So that’s the economic damage, potentially. But let’s just start with the issue of the expansion of powers. Is this an expansion of powers? They will be able to spy on things they couldn’t previously?

PAUL              They will be able to look at things they couldn’t previously, but, for my money, um, the important-

CORIN            What like? Can you give us some examples?

PAUL              Well, uh, I mean, previously they weren’t allowed to look at New Zealanders or residents of NZ at all legally. That’s now solidified under the GCSB Bill. This takes it a step further. The GCSB will be able to- will have to advise telcos on how they build their network, which parts they add, what they remove, the structure of the network itself, even, presumably, down to which vendors they use to build the network. So that’s going to be a great concern to companies like Huawei, which are under grave suspicion in the United States, and you’ve got a real issue there around whether this is a security matter or a free trade matter from the American point of view.

CORIN            All right. Russel Norman, you’ve described the GCSB Bill, obviously, as a threat to freedom. How can it be a threat to freedom when they still need a warrant to get this information? I mean, there has to be- there’s oversight there.

RUSSEL NORMAN - Greens Co-Leader
They need a warrant for some of it. I mean, if you’re targeting foreign communications, you don’t need a warrant, even though you might in the process also intercept NZ communications-

CORIN            But John Key has said in the first instance, certainly, he won’t allow access to those New Zealanders’ content.

RUSSEL         Well, if you recall, John Key, what he said is he went on national television and said, ‘Oh, no, under this law, they can’t look at the content of the emails.’ And then he had to correct his statement and said, actually, they can. So I’m pretty dubious about the Prime Minister’s statement on any of this. I mean, you know, in terms of freedom, right, you know, it’s a slow-moving thing. So you’re not going to notice tomorrow that suddenly you feel like you’re more constrained just because the bill’s passed. But it’s a bit like the ’91 Building Act. Like, when National pushed that through, we didn’t have leaky houses the next year, but 10 years down the track, you find that we’ve got a whole problem with leaky houses. Likewise, once we give these powers to these agencies, they’ll grow in confidence over time, and they’ll start to access more and more data.

CORIN            But that’s why we’ve got greater oversight that’s been put into the legislation. That’s what that’s there for.

RUSSEL         Well, I mean, if you look at the legislation, we don’t really have significantly greater oversight at all. The Intelligence and Security Committee, the only democratic oversight, still basically can’t look at what these agencies are going. So there still isn’t any fundamental democratic oversight.

CORIN            Isn’t there a bit of scaremongering here? Because there’s the perception that they’re suddenly going to be able to look at all your Facebook and all that sort of stuff, but only with a warrant, and we’re talking nine, 10 cases a year so far, aren’t we?

RUSSEL         Well, it’s true that the GCSB, according the Kitteridge Report, was only acting illegally nine times a year, or so they tell us. We don’t really know what the truth is, how often they’re acting unlawfully. What we do know is under the GCSB Bill, the information that they’re able to get via this bill, the TICS Bill that we’re talking about now, they can pass to US agencies. Um, so it is kind of like the GCSB Bill provided the legal framework; this bill provides some of the technical backdoor so they can get a backdoor into your provider, get the information, pass it to their Five Eyes network. I mean, I think the bigger point we’ve got to ask ourselves is does it really make sense to have the GCSB as our cyber security agency? Because this is our external spying agency, do we really want our cyber security agency to be the GCSB? Because it does have conflicts of interest.

CORIN            Ok, I’ll come to you, Paul Brislen. You were nodding there. You agree with that?

PAUL              Yeah. We used to have an agency called the Centre for Critical Infrastructure Protection, which was run by the GCSB but at arm’s length. That was subsumed into the GCSB some time ago. I think the industry had a lot more faith in an arm’s length agency whose role was purely to look after the security of network infrastructure, rather than giving a spy agency the role of oversight and management.

CORIN            How worried are you - Russel Norman touched on this - about our reputation as an independent country, with the US involvement, Five Eyes, those types of things, if this is seen as too heavy handed by our government?

PAUL              Well, that’s right. It is a big issue, because our trading partners are the very people that we’re supposed to be keeping an eye on from a security point of view. We’re talking about China, South-East Asia, in many respects. It wasn’t that long ago that the Americans were using data taken from the Five Eyes predecessor, Echelon, and using that to sway negotiations between Boeing and Airbus, and NZ was dragged into that discussion quite unnecessarily.

CORIN            But these are big-picture trade issues. Why should the average New Zealander be worried about that?

PAUL              We have most of our dairy trade at the moment residing with one country, with China. They’re our biggest trading partner in terms of dairying, and yet we’re now signing deals in a security sense that put us on the other side of the fence with the Americans.

CORIN            And is there a risk also that we’re going to see a stifling of the IT industry? Entrepreneurs, those types of things, who are going to be put off because of these extra rules?

PAUL              Well, that’s the concern. If we are out of step with most of the other places that are being innovative and developing new software products to sell overseas, NZ will once again miss out on the opportunities that that provides. If we are seen to be a country that will allow backdoors to be built in, will allow the Americans access to private information, then potentially we are tainted with that brush. You know, organisations like Vikram [Kumar] with Mega provide a valuable service. A secure and encrypted locker that you can store files in. I run a business. I want to keep things secure for my shareholders, so why on earth would I then allow a NZ company to take that information and potentially give it to the American government?

CORIN            And, Russel Norman, do you have concerns about obviously, again, those links overseas? I mean, can you explain to New Zealanders why we should be worried about whether the NSA or whoever else might be working with the GCSB?

RUSSEL         Well, I mean, the GCSB is part of this Five Eyes network.

CORIN            But they’re our traditional alliance. They’re our allies.

RUSSEL         And the head of that network is the NSA in the United States, and that is now absolutely proven to be engaged in systematic, broad-scale surveillance of their citizens, and so that’s what the Five Eyes network is now up to. The GCHQ has been proved to be engaged in this as well in the UK. Why would we want to be engaged in that kind of thing? I think, um, the encryption stuff is interesting as well in that the reason why I think that’s interesting - and this is the conflict of interest for the GCSB - on the one hand, we’re moving a lot towards encryption, and people are going to encrypt more and more to protect their security. On the other hand, the GCSB doesn’t want encryption, and yet that’s what consumers are going to be moving towards. So the operator of the network, which is what the GCSB is going to become, won’t want exactly what consumers want, so we’re going to have this conflict between the two.

CORIN            Russel Norman, we’ll have to leave it there. Green Party Co-Leader, thank you very much. And Paul Brislen from TUANZ.

RUSSEL         Pleasure.

PAUL              Thank you.

Q+A

CORIN DANN INTERVIEWS AMY ADAMS

SUSAN WOOD

Amy Adams is the minister responsible for the Telecommunications Interception Capability and Security Bill. She says there’s a lot of misinformation around the bill, and she joins Corin now.

CORIN DANN

Misinformation? What misinformation is there?

AMY ADAMS - Communications and IT Minister

Well, for example, in your lead-in piece, there was talk of a backdoor that’s going to allow the GCSB access to whole new swathes of information. That’s simply not correct. So, what this bill is doing is, first of all, looking at when there is a warrant, when there is a proper, lawful reason for the police or one of our agencies to look at data- And remember that that’s a critical part of law enforcement in this country. All this bill does is look at how those agencies work with the telecommunications companies to give effect to it. The laws we’ve had around this have been in place since 2004, but what we’ve noticed over that time is that the industry structure has changed significantly, and we now need to update that legislation to ensure it’s still appropriate. So this sort of implication that somehow this is a great, new power grab is simply wrong. There is no backdoor, there is no ability for the GCSB to get extra information under this bill, there is no ability to access stored or historic data. It is simply about real-time interception.

CORIN            So what do they do, then? Because surely those telcos hold that information there for a certain amount of time so that in the event that you have a warrant, you can get it.

AMY                No. This regime is entirely around real-time interception. And if you talk to the police, they are very clear that actually the ability to access real-time communication information is critical to solving almost all of the serious cases in NZ. So if we want to talk about protecting New Zealanders from crime, protecting New Zealanders from unlawful intrusion into their data, that is what this legislation is about.

CORIN            So, let me just clarify here that information stored - say, someone’s internet traffic, Facebook comments from years gone by - you’re saying-

AMY                This bill has nothing to do with it.

CORIN            You’re saying the GCSB can never get access to that material?

AMY                What I’m saying is this legislation does not provide any ability for any agency to access stored data. And, actually, when you look at how many of the supposed experts in the space are making allegations to the contrary, you really have to wonder whether they’ve even read the bill.

CORIN            Why not, though, get access to that data?

AMY                Well, I’m not saying that’s the case, but you’ve asked me on to talk about the TICS legislation, and I want to be really clear. There is nothing in the TICS legislation that puts a backdoor into any company, a backdoor into any network, gives the GCSB any wider powers than they already have or allows any access to stored data. This is simply about- In the main, it’s police accessing real-time communications to prevent and prosecute major crime. And I think that’s someone most New Zealanders accept there’s a very real need for.

CORIN            Ok, but we’ve heard from the likes of Google, from the likes of Microsoft. They are all complaining about this bill. It is heavy-handed, it is draconian, forcing them to do things they don’t want to do.

AMY                Well, there’s two things there. So, first of all, in my view, if you’re an offshore multinational, you have to comply with the same laws that we expect NZ companies to comply with, and that’s what Google and Microsoft are upset about. They don’t think that anyone who’s offshore should have to comply. Now, actually, in my view, if you’re selling services in NZ to New Zealanders, we expect you to comply-

CORIN            So, we’re talking about Skype and those sorts of things, aren’t we?

AMY                Well, that’s right. So, the legislation currently, so the law we’re already working under, says that any of these service providers have a duty to assist. Now, what that means is that they have to provide all reasonable assistance. That’s already the law. That will still be the law.

CORIN            But previously- But this is where there clearly is an expansion, because previously you wouldn’t have been able to access the likes of Skype or Google Chat or Microsoft Chat services.

AMY                Well, that’s wrong, Corin. That’s wrong. So, the law right now says that all of those service providers have a duty to assist, which means they have to take all reasonable steps to comply with the warrant.

CORIN            But you’ve given yourself powers in this law to call them in. Why put those powers in the law if you didn’t need to?

AMY                Ok, so, what the legislation says is that the duty to assist that already applies continues to apply. And what we’ve said is that if, in the future, there is a need to step up from an operational basis to a higher level of pre-investment, then there’s a process for us to work through that.

CORIN            What does that mean? A higher level of pre-investment?

AMY                So, what that means is right now, if you’re a service provider, so if you’re a Google or a Skype, then you have to provide all reasonable steps to assist. That’s already the law. That will still be the law. That does not change. If, in the future, we find that operational reasons mean that it’s actually more useful for those companies to have pre-investment in the capability- So, rather than saying, ‘Yep, I’ll help. If you’ve got a warrant, come in and we’ll work with you to get the information we need, pre-provide some of that service, then we can work through a process to do it.’ The law doesn’t do it now because, frankly, there’s not the need or the process. But we have set up an ability for the law in time-

CORIN            But you’re obviously worried that people that you’re targeting for whatever reason are using these over-the-top services, and you’re not even going to tell New Zealanders whether in fact you’re going require them to play ball.

AMY                No, well, that’s not entirely true, either. So, if, for example, we were to expand the obligations to a class of provider, that’s done under regulations, and all the normal processes would be followed. So if it’s a one-off, case-by-case application, then it may be done confidentially if there’s a good reason, or it may be perfectly open, and we’d have to work through that as it applies. But let me be really clear - these sorts of obligations are already in place in Australia, they’re already in place in the UK, and they’re very similar to what’s in place in the US. This is not unusual. This is not a new thing.

CORIN            That’s exactly the point that Russel Norman was making. He’s saying that this is taking us down the path towards the NSA in PRISM who have been found to have done widespread state surveillance.

AMY                No, not at all, because Russel and, frankly, the last segment completely confused the discussion around the GCSB Bill, which, frankly, Russel has been running a campaign of misinformation on for some time to score points. Completely confusing that with what’s in this legislation. This is technical legislation around how lawful warrants are given effect to, and updating it, actually, is very sensible and reflects the modern reality of communication.

CORIN            Ok, let’s move on from a, sort of, debate about the expansion of powers and the debate- Also, the IT industry’s saying this is going to scare off entrepreneurs, investors who want to get in, you know, small IT companies in NZ. Too much cost, too much of a burden.

AMY                Yeah, but, again, look at what they’ve based that on. They’ve based that on the assumption that there’s a backdoor, which there simply is not. They’ve based it on the assumption that there’s an ability to access stored data, which there is not. They’ve based it on the assumption the GCSB has a right to dictate how they run their networks, which is completely incorrect.

CORIN            But it’s in the law that they could face a $500,000 fine if they don’t provide services to the GCSB.

AMY                No. So, what it says in the law is that if you are a network operator, you should consult with the GCSB on the design of critical parts of your infrastructure. It doesn’t give the GCSB the right to veto it. It doesn’t give them the right to control how the network runs, and, interestingly, it doesn’t apply at all to ICT companies who are service providers. It doesn’t apply at all. Now, actually, what the bill does, and the Regulatory Impact Statement makes this very clear, is reduce the compliance cost burden on ICT companies. So I would just suggest when these people are out there sort of chucking huge figures around that they need to go back and look at their assumptions. And, actually, my suggestion is that how are we going to invest anyone into the NZ ICT space if we can’t give assurance that our networks are secure, are resilient-?

CORIN            Just one final point on that. You are going to be involved in the building of networks as well. Is that a sign that you were worried about the likes of Huawei from China coming here?

AMY                No, I think what it’s saying is that right now we know that the GCSB has access to all sorts of threats and risk information that your average telco company doesn’t. So at the moment, what happens is the telcos usually come to the GCSB on an informal basis and work with them to identify if there are any threats they need to be aware of. That is completely non-legislated, it’s not transparent, and it’s certainly not a requirement. And, interestingly, in October last year, it was the Opposition who were jumping up and down, saying, ‘Why isn’t the government going to take steps to ban this company or ban that company?’ We don’t have the power to right now. This legislation would say that, actually, if there was a threat, we would have power to respond.

CORIN            Amy Adams, thank you very much for your time.

AMY                You’re welcome.

ENDS

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Parliament Headlines | Politics Headlines | Regional Headlines

 
 
 
 
 
 

LATEST HEADLINES

  • PARLIAMENT
  • POLITICS
  • REGIONAL
 
 

InfoPages News Channels


 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.