Tuesday, May 07, 2013

The other spy bill

Yesterday the government released its spy bill to "fix" the problem of the GCSB abusing its powers by granting them even more. But that wasn't the only one - they also released a Telecommunications (Interception Capability and Security) Bill. This is a fairly technical piece of legislation designed to replace the Telecommunications (Interception Capability) Act 2004. That Act requires "telecommunications providers" (including ISPs) to maintain an interception capability so that the police (and spies) can listen in when they have a warrant. The new bill makes some tweaks around this, but also adds in an entirely new "network security" regime under - you guessed it - the GCSB. Highlights:

  • The government will be able to ban any foreign-provided service (such as those VPNs we use to get around their absurd copyright laws) that does not provide a built-in backdoor for GCSB and the police;
  • ISPs will have to inform GCSB of any "security risk". They will need to consult GCSB before changing any equipment, system or service falling within an area of "specified security interest". Basically, GCSB will be able to micromanage their technical decisions in the name of "national security".
  • What's a system of "specified security interest"? Anything the government wants. At the moment it includes "network operations centres", customer information and passwords, "any place in a network where data aggregates in large volumes, being either data in transit or stored data", and anything the government adds by regulation.
  • Court cases under the bill will use an Ahmed Zaoui-style "closed material procedure", with "classified" evidence withheld from the defence.
  • All ISPs will be required to register with police, like printing presses in a pre-Enlightenment absolute monarchy.

This is a significant expansion of the GCSB's power, and it has been sprung on us by surprise, and without consultation. In particular, the question of whether we want to have the GCSB as super-sysop, micromanaging everyone's technical decisions, has never been asked. It would be nice if the government asked us first before they presumed to stick their noses into our networks.