Juha writes, "When the rest of the world decides to scrutinise and dial down mass surveillance of Internet users, New Zealand does the opposite. From now on, network operators will have to register with the cops, have staff with security clearance and ask the GCSB spy agency for permission to change their networks and buy gear. This is to make it easier for the government to intercept communications and to keep network secure. The new law applies to everyone, from small ISPs to Facebook, Google, Microsoft and telcos. Failure to comply could cost as much as NZ$500,000 in fines per day."
Registrants must tell the police their total number of connections, customers and size of their geographic coverage, and ensure that law enforcement agencies have access to customer data and connections when needed.
As part of the new law – which requires the country's main signals intelligence agency, the Government Communications Security Bureau (GCSB) to play a prime role in network and systems security – providers are now dutybound to notify the state about any design and procurement decisions before implementation, according to government guidance [PDF].
Prior to TICSA, network operators were free to design their infrastructure according to their wishes and to meet commercial demands, and to buy equipment and software from any supplier.
From this month, the GCSB has to be notified of and approve proposed changes to a provider's network operations centre, core network including gateways and interconnects as well customer databases and authentication systems.
Providers will also be required to have their staff vetted for security clearance. However, the GCSB will not run the security clearance process itself, and warns that this "may take a significant length of time."
Tough NZ comms interception, network security law kicks in [Juha Saarinen/IT News]
(Thanks, Juha!)
