Paul Brislen takes a look at the two pieces of legislation currently making their way with, what he believes, “undue haste” through New Zealand’s parliament.
There are two pieces of legislation that currently concern me. The first is the Government Communications and Security Bureau Bill, which is designed to tidy up some pesky confusion about just what the GCSB is allowed to do.
According to the government, the current Act is outdated and open to misinterpretation. Apparently, the New Zealand government has been allowing the NZ SIS and police to use the GCSB personnel and capability to fill in gaps in their own capabilities. That is, the SIS or police get a warrant to spy on a New Zealand citizen or resident and the GCSB does the leg work.
The only problem with this (well, not the only problem, but the one we’ll focus on) is the current GCSB Act prohibits the GCSB from doing this. But the Government says it’s not clear and the new legislation will tidy it up for all to see.
The current Act says:
Neither the Director, nor an employee of the Bureau, nor a person acting on behalf of the Bureau may authorise or take any action for the purpose of intercepting the communications of a person (not being a foreign organisation or a foreign person) who is a New Zealand citizen or a permanent resident.
Frankly, to my mind, this seems quite clear-cut and unambiguous. The GCSB cannot spy on New Zealand citizens or permanent residents at all. Ever. Under any circumstances.
The Prime Minister says the new GCSB Bill won’t extend the powers of the GCSB but will allow the GCSB to spy on New Zealanders or permanent residents. Sounds like an extension to me.
On top of that, the government has introduced a new Telecommunications Interception (Capability and Security) Bill which will “tidy up” the existing Telecommunications Interception Act which is also, apparently, somewhat loosely worded.
The current Act requires telcos to work with agencies that have warrants and to ensure that communications are able to be intercepted.
The new TICS Bill goes beyond that. Not only will telcos be required to make sure their networks can be intercepted, but over-the-top providers (such as Google, Microsoft and Apple) may also be required to do likewise. In addition, if these providers come up with a product that can’t be intercepted, the GCSB may require that product not be sold in New Zealand.
So, if Apple comes up with a messaging solution, let’s call it iMessage because that’s its name, which is encrypted and which allows secure communication that can’t be intercepted, then either Apple has to hack its own systems on behalf of the New Zealand spy agency or not sell the product in New Zealand. Which is likely to happen do you think, given that the equivalent US law explicitly tells US telco service providers that they’re not allowed to do this kind of thing for any other country? They can spy for America, but not for New Zealand.
And let’s imagine that a New Zealand company comes up with a new cloud-based service that revolutionises business communications. Given the extreme nature of the New Zealand legislation, would any non-New Zealander ever trust that company’s assurances regarding security and privacy? Probably not.
The TICS bill doesn’t stop there. It goes one step further and introduces a whole new section which gives the GCSB the power to oversee certain elements of the telcos’ networks. Companies like Chorus, Vodafone and Telecom won’t be allowed to make changes to certain key elements without getting permission from the GCSB. Presumably that will include not only the hardware and software that will be deployed (or removed) but also which provider the telcos are allowed to use. Given that the Regulatory Impact Statement (RIS) prepared by ministry officials includes lots of redacted paragraphs, it’s a little hard to tell just what advice was given, but there are numerous references to Huawei and ZTE, two well-known Chinese equipment providers.
The upshot is that the government is increasing the GCSB’s capability but outsourcing the cost of that increase to the telcos themselves. Huawei has made a name for itself by offering good quality equipment at a significant cost saving for the telcos – if they can’t use Huawei in future because of some perceived security issue then the telcos costs will increase, even before we get into the realm of having to store (and make accessible) customer data.
This is the crux of the issue. We have a security apparatus that is built around an alliance with our traditional comrades in arms – the US, UK, Australia and Canada. But at the same time we have a trade model built around the new world order of South East Asia and China in particular. The two worlds don’t exist well together and unfortunately we’re eventually going to have to choose one over the other. In the meantime, New Zealanders will be spied on by an agency with a new remit that includes not only security issues but also economic factors, and we will end up paying more for the privilege.
These are indeed strange times we live in.