GCSB Bill secret backdoor revelation - Govt rebuttal cuts no ice with Kumar

Vikram Kumar is dismissive of the government's response to his NBR article over the weekend. After firing off a series of Official Information Act requests, Mr Kumar learned the Crown plans to force service providers to create interception capability for surveillance agencies whence the Telco Intercept Bill becomes law - and then possibly issue a gag order on the provider.

The response (below), issued by the Ministry for Business, Innovation and Employment (MBIE) contains no new information and merely restates the facts, Mr Kumar says. It simply re-states the facts.

He adds, "The way to a totalitarian state is paved by secrecy. This [in the MBIE statement] says it all: 'where an individual service provider is deemed-in, this would be through Ministerial direction and would not be done publicly... public discussion about individual levels of capability would be detrimental'.

"In an internet age two things are certain: an information vacuum is impossible and the Internet will treat this as damage and route around it," the Internet NZ boss turned Mega CEO says.

"It really saddens me to see New Zealand's digital future being trashed by unsubstantiated national security and law enforcement concerns."

A spokesman for ICT Minister Amy Adams' office told NBR ONLINE she was unavailable for comment.

RAW DATA: MBIE response to Vikkram Kumar's article, Revealed: govt plans secret orders to service providers once spy bill becomes law

The ability of government agencies to work effectively with telecommunications companies is a vital part of the Government’s role in protecting the country from crime and protecting our national security. For example, interception of telecommunications is vital to investigating and prosecuting serious offending such as homicides and serious drug crimes, in emergencies such as armed offender situations or kidnappings, in combatting threats to national security, and prosecuting cybercrime, both domestically and internationally.

Under the current Telecommunications (Interception Capability) Act 2004 and the Telecommunications (Interception Capability and Security) Bill all service providers already have a “duty to assist”. That duty requires them to take all reasonable steps necessary to fulfil an interception warrant or other lawful interception authority.  

To support this duty, the Bill does allow for interception capability duties to be imposed on service providers (obligations which apply to network operators today). This is a structured process which permits the extension of capability obligations on a case-by-case basis, either to individual service providers or specified groups of service providers. Like the “duty to assist” obligation, this capability can only be used to fulfil an interception warrant or other lawful interception authority – as is the case in the current Act. 

Classes of service providers would be deemed-in by regulation. However, where an individual service provider is deemed-in, this would be through Ministerial direction and would not be done publicly.

Individual deem-ins allow a more targeted imposition of obligations and avoid blanket compliance across a wider group of service providers, and the associated costs.

An individual deem-in will be done through a Ministerial direction, so as not to publicly disclose any operational, commercial or strategic information that could impinge on the agencies’ investigations. This would be done under the TICS Bill (once enacted) and the need for confidentiality would be considered on a case by-case basis. If required and appropriate, confidentiality would be included in the terms and conditions of Minister’s direction.

The need for confidentiality reflects the fact that the Bill and current Act deal with sensitive law enforcement and national security interests, as well as potentially sensitive commercial interests, where public discussion about individual levels of capability would be detrimental.

It is also worth noting that under the current Act exemptions to the obligation to be intercept capable are granted by the Minister on a confidential basis – so confidentiality in these circumstances is not new.

The Minister responsible for the Act can only impose obligations on an individual service provider through Ministerial direction if they have considered:

• the stated statutory test - that takes into account both law enforcement and national security considerations and impact to the service provider;
• any submission provided by the affected service provider.

If a service provider is individually deemed-in, they will have the ability to request a review of the Minister’s decision from a review panel of three persons, and the Minister must consider the recommendations of that panel. The decision may also be judicially reviewed.

To reiterate, if obligations to be intercept capable are extended to an individual service provider, that capability is for the purposes of fulfilling an interception warrant or other lawful authority. As is the case under the current Act, the duty for full interception capability includes clear privacy protections.

Nothing in this Bill extends warranting powers or lawful authority to intercept for government agencies. That authority exists in other pieces of legislation.