Hard News by Russell Brown


Hard News: Snowden and New Zealand

126 Responses


  • Idiot Savant, in reply to Russell Brown,

    Many people in telecommunications are very unhappy about all this. Understandably.

    Then they should simply refuse to cooperate with SIS's underwear sniffing. The government can hardly shut down the entire NZ internet, and if a civil disobedience campaign is widespread enough (people refusing to fill out the forms, refusing to fill them out accurately, and refusing to speak to SIS snoops seeking to check referees), then that is the option they will face.

    Palmerston North • Since Nov 2006 • 1717 posts Report

  • Paul Campbell,

    I think every person in the country should all file the appropriate paper whenever they buy a wireless access point, or enable an access point on a phone, or ..... drown them in their own paper work

    Dunedin • Since Nov 2006 • 2623 posts Report

  • Idiot Savant, in reply to Paul Campbell,

    They're already drowning in their own paperwork. A few years ago SIS took years to grant a security clearance (and they didn't do it right - remember this guy? SIS gave him a clearance).

    Palmerston North • Since Nov 2006 • 1717 posts Report

  • Stephen R, in reply to Idiot Savant,

    OTOH, if you don't want to play, just tell them that you're a drug-addicted communist wikileaks-supporter with huge financial problems who is cheating on your partner (that establishes three of the classic motives: Money, Ideology, Compromise). Problem solved.

    Yeah, nah. Not if you have a real job.

    The Act, as I understand it, allows the GCSB to shut down network provision businesses who don't comply, which means that if they can't get any staff with security clearances, then they (potentially) can't operate, which means they'll (somewhat justifiably) make passing a security clearance check a requirement to be/stay employed.

    It's one thing to muck the Government around when it just costs them time, it's another when it affects your ability to pay the rent.

    Wellington • Since Jul 2009 • 259 posts Report

  • Matthew Poole, in reply to nzlemming,

    Not as the USA does, where you get vetted and it stays with you as an individual. Generally, security clearances apply only to staff of a government organisation and are the decision of the Chief Executive of that agency and only for that agency.

    Just like in the US, actually. A clearance for Department of Defence does not translate to a clearance for Department of Energy (home of the US nuclear weapons fabrication system) does not translate to a clearance for the Department of Homeland Insecurity/Department of Justice. They'll recognise each other's clearances for information sharing, but that's not the same as being granted a clearance for that agency.

    There, as here, a vetting of sufficient recency can be "transferred" to another government sector for use in considering a new application for a clearance, but the clearance itself is granted by the agency.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Matthew Poole, in reply to Paul Campbell,

    “GCSB must approve all changes to your network”

    Not correct. GCSB must approve changes to broad categories of a network, but not all changes. You can re-number your network as often as you wish. You can change your network administration credentials without seeking GCSB approval. You can deploy whatever CPE you choose.
    It's a bloody stupid rule, but it's not an absolute "You can't even pick your nose without our say-so" rule.

    “all your employees must receive a security clearance”

    Also not in the least bit correct. A provider must nominate an employee (singular) to apply for a secret-level clearance, but there is zero requirement that all employees be even vetted, never mind granted a security clearance.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Matthew Poole, in reply to Stephen R,

    I’d bet that if a network provider found a way to firewall off any command/control signals from outside their network, the GCSB would tell them to stop.

    GCSB has no mandate to make such a demand. The law is pretty clear that interception capability is an on-premises activity, not one that takes place remotely. There is zero obligation on providers to allow GCSB to electronically prowl the network.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Matthew Poole, in reply to Idiot Savant,

    But demanding it of civilians who have nothing to do with the government

    They may not want to have anything to do with the government, but by dint of working for a network provider who is legally required to have something to do with the government, they now do have something to do with the government. Interception capabilities for criminal investigations are sensitive subjects. It's not surprising that there's no desire at the GCSB to have any uncleared Joe have access to snoop at such things.

    Auckland • Since Mar 2007 • 4097 posts Report

  • nzlemming, in reply to Idiot Savant,

    There’s a candidate guide here.

    Ah, thank you, I knew there was one somewhere.

    Waikanae • Since Nov 2006 • 2937 posts Report

  • Russell Brown,

    From Buddle Findlay's October 2013 summary Telecommunications interception Bill – too much?:

    SERVICE PROVIDERS

    A "service provider" under the Bill is any person within or outside New Zealand (other than a network operator) who provides a telecommunications service in New Zealand to an end-user, as part of a business or otherwise. Subject to considerable limitations, the responsible Minister may, on the application of a surveillance agency, direct a service provider to comply with one of a specific list of network operator duties, including duties to be "intercept ready" or "intercept accessible" (and may direct the operator to comply with corresponding network operator "obligations"). The limitations on these directions include that the surveillance agency must notify the affected service provider and give it a reasonable time within which to make submissions to the Minister. The agency must also consider whether that lack of interception capability on the provider's telecommunications service adversely affects national security (including New Zealand's economic well-being) or law enforcement. If the Minister makes such a direction the service provider may request a review of the decision by a panel of suitably qualified independent persons, who must each have the appropriate security clearance.

    The definition of "service provider" is wide enough to cover any business or agency making internet or email services available to its staff or customers, even on a non-commercial basis, and would include the likes of Google, Yahoo! and Facebook.

    The "TICS" Bill imposes significant obligations on telecommunications network operators. It also has the potential to impose significant obligations on other providers who might not generally be considered to be in the business of providing public telecommunication services.

    In addition, while surveillance agencies already have some powers under the Telecommunications (Interception Capability) Act 2004, the Bill extends the scope of those powers and extends their application beyond the traditional telcos and imposes interception-related obligations on a very broad class of service providers (based both in New Zealand and overseas).

    Auckland • Since Nov 2006 • 22850 posts Report

  • Paul Campbell,

    Anyone with a web site "provides a telecommunications service in New Zealand to an end-user". Congrats Russell - do you scrub your logs?

    Dunedin • Since Nov 2006 • 2623 posts Report

  • Steve Barnes, in reply to Russell Brown,

    (click to embiggen)

    Perfectly cromulent sir...
    On the subject of security clearance. We used to have the "Official Secrets Act" enacted in 1951, repealed? dunno.
    I had to sign it back in the UK, for that is from where it henced.
    I was working in one of the Royal Parks, Greenwich, as a gardener. I had the joy of saying, when asked by an elderly lady as to what I was planting "I could tell you but I would have to kill you"
    Wasn't all fun and games though I can tell you.... actually I can't.

    Peria • Since Dec 2006 • 5521 posts Report

  • Idiot Savant, in reply to Steve Barnes,

    On the subject of security clearance. We used to have the "Official Secrets Act" enacted in 1951, repealed? dunno.

    Repealed by the OIA over 30 years ago.

    Palmerston North • Since Nov 2006 • 1717 posts Report

  • Ian Dalziel, in reply to Tom Semmens,

    After all, you send a squad car to arrest a copyright infringer who fails to appear in court after a summons. You launch a helicopter raid on a terrorist’s mansion.

    You obviously missed the memo!
    Things have been ratcheted up a notch or two. Nowadays: you send a helicopter raid to neutralise a copyright infringer who fails to appear in court after a summons. You launch a drone-based smart missile on a terrorist’s mansion.

    :- (

    Christchurch • Since Dec 2006 • 7953 posts Report

  • Stephen Judd,

    Many people wrote to the Minister complaining the definitions of network operator were way too broad.

    She replied essentially saying we were reading the legislation wrong and that only parties covered under existing legislation were intended. No, there was no need to add clarifying language to the bill.

    Quite an interesting discussion going on in the network community here:

    http://list.waikato.ac.nz/pipermail/nznog/2014-May/020802.html

    Wellington • Since Nov 2006 • 3122 posts Report

  • Chris Waugh, in reply to Idiot Savant,

    The government can hardly shut down the entire NZ internet, and if a civil disobedience campaign is widespread enough (people refusing to fill out the forms, refusing to fill them out accurately, and refusing to speak to SIS snoops seeking to check referees), then that is the option they will face.

    Why not? China shut down the entire internet in Xinjiang over race riots in Urumqi a few years back. Perhaps a little more likely would be the government making business very difficult for a few telcos to scare the others into line along with nice, friendly ministers telling the public that if you've got nothing to hide, you've got nothing to fear... But still, it's just a matter of pulling the plug, and then what's the public supposed to do?

    Wellington • Since Jan 2007 • 2401 posts Report

  • Steve Barnes,

    And of course we all knew how safe Skype was eh?

    "PRISM has a new collection capability: Skype stored communications," a previously confidential NSA memo from 2013 declared. "Skype stored communications will contain unique data which is not collected via normal real-time surveillance collection." The data includes buddy lists, credit card information, call records, user account data, and "other material" that is of value to the NSA's special source operations.

    Peria • Since Dec 2006 • 5521 posts Report

  • Steve Barnes,

    And of course. They do all this spying stuff to keep us all safe from harm...
    U-2’s flight plan was like malware to FAA computer system

    the system ignored this manually keyed altitude data. It started evaluating all possible altitudes along the U-2’s planned flight path for potential collisions with other aircraft. That caused the system to exceed the amount of memory allotted to handling the flight’s data, which in turn resulted in system errors and restarts. It eventually crashed the ERAM look-ahead system, affecting the FAA’s conflict-handling for all the other aircraft in the zone controlled out of its Los Angeles facility.

    Peria • Since Dec 2006 • 5521 posts Report

  • Paul Campbell,

    I'm happy to see that the GCSB's list of rules is marked twice on every page "UNCLASSIFIED" ... sadly I guess that means that there are other rules that people all have to adhere to that are classified

    Dunedin • Since Nov 2006 • 2623 posts Report

  • TracyMac, in reply to Paul Campbell,

    Let's not get too silly. A "telecommunications service" is about connectivity - the means to transfer the data bits. A website is as much a "telecommunications service" as a phone call.

    Canberra, West Island • Since Nov 2006 • 701 posts Report

  • TracyMac,

    I can see the security model they're aiming at being similar to Australia's. There, (mostly) public servants can get a security clearance at one of four levels, which can be transferred between agencies (there's a process to this - you don't just get access to every agency's "Secret"-classified information unless that agency authorises it). It's much better than the old system of each agency having to do their own security checks.

    Contractors for govt organisations are required to get clearances suitable for any classified material they'll potentially have access to. Staff at private companies (e.g. Telstra) don't require security clearances, except for specified individuals that may need to review classified material. Most of their stuff would be classified by the govt as commercial-in-confidence, so no clearance required for that.

    But you do get stupid things like the situation I'm in, where I work for a Govt Business Enterprise, which is commercial-in-confidence. But they are moving some of their data to a co-lo data facility with other govvie organisations, and I would need a security clearance to access that infrastructure. As an NZ citizen, I'm not eligible, so too bad if something goes tits-up there while I'm on call.

    Canberra, West Island • Since Nov 2006 • 701 posts Report

  • Andre Alessi, in reply to TracyMac,

    Let’s not get too silly. A “telecommunications service” is about connectivity – the means to transfer the data bits. A website is as much a “telecommunications service” as a personal call

    Not to mention that the "service provider" and "network operator" definitions were developed in discussion with the industry. They're well-understood terms in that context. The reason they seem so broad is that wholesale service relationships (for example) are quite hard to explain in simple terms.

    For example, the TCF, in the context of the Customer Transfer Code, defines a Retail Service Provider as:

    ...means any person providing a Telecommunication Service to an End Customer that has the Billing Relationship with the End Customer for that service. The same person may be both an ASW and a RSP; or both a VW and a RSP; or both an ANP and a RSP (except in the case of Telecom NZ Limited).

    So, yeah.

    Devonport, New Zealand • Since Nov 2006 • 864 posts Report

  • Paul Campbell,

    I guess if I really wanted to mess with them I'd import a whole bunch of cheap $20 Huawei access points and flood trademe ....

    Dunedin • Since Nov 2006 • 2623 posts Report

  • Russell Brown,

    Attachment

    Another NSA map, from last year -- identifying Waihopai as a location for X-Keyscore. Via Daniel Ayers, who noted that the GCSB issued an RFP "for loads of IT kit same as NSA uses. ... Pre-Snowden NSA contractor job ads want experience w CentOS, VMware, etc. Guess what GCSB issued RFP for?"

    Auckland • Since Nov 2006 • 22850 posts Report

  • Stephen Judd,

    Meh, CentOS and VMWare would be part of the basic infrastructure of many large NZ organisations not least public sector ones. Suggesting a sinister coincidence is drawing a long bow. And I say that as someone who is convinced they *are* in cahoots.

    For the non technical, CentOS is a kind of Linux operating system, VMWare is a technology for making one big grunty server behave like a lot of small servers so you can consolidate services on less hardware -- they aren't nefarious tools for doing bad.

    Wellington • Since Nov 2006 • 3122 posts Report



This topic is closed.