NZ phone companies to work more closely with GCSB - but what is a phone company these days?

Who should big brother be watching?

A pending up to the Telecommunications (Interception Capability) Act 2004 has highlighted tension between traditional phone companies and internet-only services.

The snooping spat reveals a lot about where the industry is heading.

Current law obliges telecommunications companies (“telcos”) to cooperate with law enforcement agencies, and to have intercept capabilities on their networks.

“The Act allows the police, or SIS or GCSB, to call on the telcos for information about customers,” Telecommunications Users Association head Paul Brislen explains.

“Typically this involves a search warrant on a particular customer's account. Telcos can then intercept txt messages or phone calls or data connections. They can track email trails, they can locate cellphones using GPS or cellsite triangulation. They can access your communications.”

In the legislative update, the law will be rechristened the Telecommunications (Interception Capability and Security) Act.

“Security” is the operative word here, hinting at its Big Brother-ish creep.

Tech Liberty founder and Council for Civil Liberties executive committee member Thomas Beagle says while telcos have long had to have intercept capability in place, the new wrinkle is that they will have to actively work with the GCSB, and others.

As Information, Communications and Technology Minister Amy Adams put it as she announced the pending law change, “Network operators will be obliged to engage with the Government on network security matters, and to inform the Government of network decisions that may be of significant security interest.”

Tuanz boss Paul Brislen scratches his head, wondering what two of Ms Adams’ sweeping statements, such as:

"These [security] requirements will be backed by a graduated enforcement regime, with escalating responses available if significant national security risks are raised."

Graduated enforcement? Escalated responses? What does it all mean?

NBR asked Ms Adams, who offered only that more detail would emerge when the legislation was introduced next month.

Mr Brislen will no doubt look at the legislation, once it emerges, with a focus on customers’ right to privacy.

But that’s not the industry’s only concern.

Ms Adams’ announcement was only minutes old before a senior manager at one of the big telcos got on the phone to NBR.

His issue: while the government talks about modernising the Act to reflect changing technology, he wonders just how far it will go.

He hoped the Act would expand its definition of a telco to include so-called over-the-top providers such as Microsoft (with its Skype voice and video chat), Google (which has its own chat product), Apple with iMessage, and Viber and countless others that offer software-based services for communicating over the internet.

But he suspects “That will be put in the too hard basket."

However, his company will lobby hard on the point once the first draft of the legislation appears next month, he says.

 No wonder. Some pundits now call Microsoft the largest phone company in the world, given it bought Skype, which has around 250 million active users. Many phone companies see Microsoft – and Google and Viber and others using voice-over-internet protocol (VoIP) software over their networks – as freeloaders. Anything that shifts some of the cost onto the (relative) newcomers is welcomed.

Our telco man had another, related problem: whether someone gets snooped on depends, in part, on what door they came in through, so to speak.

The telco boss gave the example of someone who buys Office 365 – Microsoft’s new, online version of its popular suite that includes Word, Excel, PowerPoint and its Outlook email software.

If you buy Office 365 from Dick Smith, you get a box with a code and away you go to download and use the service. If you buy it online from Microsoft itself they don't bother with the box, but the product is the same.

But buy Office 365 from a telco (and it is sold by Gen-i, Telecom’s services division, for example), then it’s defined as telco service and will be governed by the current Interception Act.

The telco insider wondered why phone companies got lumbered with the extra costs and responsibilities of interception; whether that would change – and if customers would avoid buying software from telcos if it didn’t.

(Microsoft NZ declined the opportunity to comment.)

A related issue is encryption.

The current interception law says telcos do not have to decrypt traffic on their network.

Mr Brislen says most modern networks encrypt traffic. He speculates that “Rather than spend money breaking such encryption, the GCSB will be able to engage with the telcos directly - assuming the paperwork is in order."

He hopes that won’t happen. “If the government decrees all encryption must be cracked, New Zealand will become a backwater.”

He notes that over-the-top service providers like Microsoft and Google don't always need the telcos' support to operate, so it makes it very difficult for the telcos to capture this data on behalf of agencies which might, in say three months' time or a year or more, need to access it.

So it’s going to be hard yards for the traditional phone companies of the intercept law isn’t extended to cover such players.

But if over-the-top providers like Microsoft, with Skype, do get covered by such an obligation to de-encrypt, he sees it as curtains – at least for their NZ customers.

“Any service that uses encryption would effectively be put out of business if over-the-top service providers [like Microsoft with Skype] become network operators,” Mr Brislen says.

“Game over.”