Spy agency oversight sends chill up telco spines
New Zealand's telecommunications companies are confident their network security regimes are robust and are concerned introducing expanded oversight by the country's foreign-facing spy agency will create new commercial risks.
Network operator Chorus and telecommunication service firms Telecom and Vodafone New Zealand all raised objections to the expanded role granted to the Government Communications Security Bureau in oral submissions on the Telecommunications (Interception Capability and Security) Bill.
The proposed legislation obliges network operators to grant greater access to surveillance agencies including the GCSB, Security Intelligence Service and police, something all three companies said was unnecessary and could pose regulatory risks to their businesses.
"We don't agree that statutory powers for GCSB to require additional security are necessary or in the public interest," Airihi Mahuika, principal counsel, regulatory and competition at Chorus, told Parliament's law and order select committee.
"The current proposals could require significant investment, delays in procurement processes, impact on commercial interest, contractual obligations and potentially stifle innovation."
Because GCSB had incentives to focus on security risks without bearing any cost, it would not be under the same urgency a private company was, she said.
All three telecommunications companies sought a strict timeframe for GCSB to respond in their interactions with network operators to be included in the legislation, to ensure any delays were minimised and didn't affect investment.
The bill aims to set out the obligations on telecommunications companies to offer interception capabilities on their networks to surveillance units, and oblige them to engage with those agencies about potential risks to the country's national security or economic well-being when building and running their networks.
Among others to appear before the committee, Jason McHerron of the New Zealand Law Society said the definitions of security risk was too broad and had wide implications by including any potential risk to the country's well-being.
"It brings to mind some sort of central planning of telecommunications by what is effectively a spy agency," he said. "The Law Society does have some questions about how well-equipped the GCSB is to carry out that role."
John Wesley-Smith, Telecom general manager of regulatory and industry affairs, also took issue with the proposal granting ministerial direction where a significant risk to national security is raised, and said if it is ever exercised the phone company would want half of its costs covered.
Chris Abbot, head of public policy at Vodafone, opposed the proposed exemption for small network operators, saying it would create incentives for people to circumvent obligations at the major companies.
The three major telecommunications firms were also adamant the initial exemption of companies which sell their services without owning a network, known as over-the-top service providers, created a major gap and undermined the intent of the legislation with more information being relayed via these avenues.
Vikram Kumar, chief executive of Kim Dotcom's Mega, criticised the lack of consultation with over-the-top service providers, and said the proposal to impose blanket interception capabilities on service companies would deter them from setting up in New Zealand.
"The competitive position of New Zealand will be significantly weakened if this bill passes in its current form," he said. "We're disappointed that no evidence has been provided whatsoever on the need for this law, particularly in relation to service providers."