-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 So is there just reluctant acceptance of this law, or is there push-back and plans to repeal, or...? I guess my question is something along the lines of "Are people just reluctantly accepting that government surveillance & micromanagement of private businesses/networks is a fact of life?" I am purposefully making a distinction here between the U.S. CALEA [1] and NSLs [2] and a NZ spy agency getting "...to decide on network equipment procurement and design decisions". The latter seems like a bit of an overreach? - - ferg [1] https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_... [2] https://en.wikipedia.org/wiki/National_security_letter On 5/13/2014 6:40 AM, George Michaelson wrote:
It got a pretty firefight discussion at the NZNOG. None of the ISPs feel comfortable with it, but in avoiding a shoot-the-messenger syndrome they tried to give good feedback to the reps from GCSB who came to talk. Basically, a lot of post-act variations are expected to clarify what changes do and do not have to be notified.
There was a lot of bitter humour about calling them at 3am to report BGP failures and ask permission to remediate.
On Tue, May 13, 2014 at 3:33 PM, Paul Ferguson <fergdawgster@mykolab.com <mailto:fergdawgster@mykolab.com>> wrote:
I realize that New Zealand is *not* in North America (hence NANOG), but I figure that some global providers might be interested here.
This sounds rather... dire (probably not the right word).
"The new Telecommunications (Interception Capability and Security) Act of 2013 is in effect in New Zealand and brings in several drastic changes for ISPs, telcos and service providers. One of the country's spy agencies, the GCSB, gets to decide on network equipment procurement and design decisions (PDF), plus operators have to register with the police and obtain security clearance for some staff. Somewhat illogically, the NZ government pushed through the law combining mandated communications interception capabilities for law enforcement, with undefined network security requirements as decided by the GCSB. All network operators are subject to the new law, including local providers as well as the likes of Facebook, Google, Microsoft, who have opposed it, saying the new statutes clash with overseas privacy legislation."
http://yro.slashdot.org/story/14/05/13/005259/new-zealand-spy-agency-to-vet-...
FYI,
- ferg
- -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlNyItUACgkQKJasdVTchbL5GwEAxMtkr0W8oCtLTEdJDcdJHZTw hCGmG1ZTbWdb7NTEnwIA/j4YYMcN/gOQCQfABs1UIYFX30i/SewOkXYDOvfO6ReM =rAdv -----END PGP SIGNATURE-----