Blog Post: Interception

Interception

The government is going to update the Telecommunications Interception Act which came into effect in 2004.

Nearly a decade on it's a good idea to review these things and to make sure we have a process that works, that the need is still the same, that the players involved are still doing the same things in the same way.

The Act allows the police, or SIS or GCSB, to call on the telcos for information about customers. Typically this involves a search warrant or similar legal document made out about a particular customer's account. Telcos can then intercept TXT messages or phone calls or data connections. They can track email trails, they can locate cellphones using GPS or cellsite triangulation. They can access your communications.

Typically the telcos take this kind of intrusion very seriously indeed. They have teams that handle these enquiries, they move with urgency and they get the job done.

[…]

The government says the Act needs updating. It says there are two arms to this legislation - interception and network security.

Interception seems to me, at any rate, to be working well. The telcos respond quickly (I've not heard of a telco not responding in a timely fashion) but won't have a bar of the government agencies taking shortcuts. For a while there was talk of the police faxing through warrants rather than showing up. That was deemed unacceptable pretty sharpishly and I haven't heard anything similar since then.

Network security, likewise, works well. The GCSB stays out of the way and the telcos roll out state of the art deployments that should be as secure as they can be. Ironically, the Act requires the telcos make their networks hackable - that is, the Act itself is a single point of weakness, albeit one tucked away inside the networks' operation centres. Left to their own devices, the telcos wouldn't be willing to entertain any question about their security capabilities. It's a selling point, it's basic hygiene and it's vital to their on-going commercial role.

So what needs fixing?

Well, since 2004 the telco world has changed. No longer do we buy all our services from our telcos. Instead we buy a pipe and get our services from other providers.

Currently these over the top providers (OTT) offer TXT, email and data-centric comms but shortly I'm sure it'll be voice as well (think Viber, Skype and the like). These services show up to the network operators as bits of data, encrypted by a third party player, sent from one device to another. They have little visibility of what the content is (they can make an educated guess of course - certain services use certain ports, for example) and they certainly can't crack that encryption to see what's going on.

[…]

Without knowing what the problem is the government wants to solve, it's rather tricky to understand where this is all going. All of the above is based on the Minister's press release, which is rather brief. The Bill itself will be available next month and TUANZ will be taking a close look at the detail. It's important we get this right because if we get it wrong the consequences could be quite miserable.

Full post: Interception — TUANZ - Telecommunications Users Association Of New Zealand

© Scoop Media