Hansard and Journals
Telecommunications (Interception Capability and Security) Bill — First Reading
[Sitting date: 08 May 2013. Volume:689;Page:9694. Text is incorporated into the Bound Volume.]
Telecommunications (Interception Capability and Security) Bill
GRANT ROBERTSON (Deputy Leader—Labour) : I raise a point of order, Mr Speaker. I seek your guidance, and I apologise to the Minister for Communications and Information Technology. I have checked with the Bills Office, and there appears to be no regulatory impact statement available for the Telecommunications (Interception Capability and Security) Bill. It is noted in the explanatory note of the bill as having been created. I seek your guidance for us as members of Parliament unable to access that regulatory impact statement when we are debating the bill. It seems to me to be something that members of Parliament should have access to; we certainly did for the last bill. I seek your guidance as to how that works for us and what process there is available to us.
Hon Amy Adams: Speaking to the point of order, Mr Speaker—
Mr DEPUTY SPEAKER: I have already ruled. Are you seeking the call?
Hon Amy Adams: I wished to cover why—
Mr DEPUTY SPEAKER: You can do that in your speech, if you like.
Hon AMY ADAMS (Minister for Communications and Information Technology) : I move, That the Telecommunications (Interception Capability and Security) Bill be now read a first time. At the appropriate time I intend to move that the Telecommunications (Interception Capability and Security) Bill be considered by the Law and Order Committee and that the committee present its final report on or before 20 September 2013.
The telecommunications sector has been evolving rapidly in recent years, with the development of faster, smarter, and globally reaching technologies, networks, and services. The change has been accompanied by a fragmenting industry structure and the proliferation of new entrants in the telecommunications industry. Our legislation needs to keep pace with these changes and be flexible to accommodate continued change in the coming years. With the increasing day-to-day reliance on the internet and information communications technology by the Government, businesses, and individuals, a secure telecommunications infrastructure is essential to protect New Zealand’s national security interests, including our economic well-being. The ability for the Government to appropriately use telecommunications capabilities is also important in the fight against crime.
This bill has two main parts. Firstly, the bill will repeal and replace the Telecommunications (Interception Capability) Act 2004, updating existing obligations on network operators to invest in specialised equipment and expertise to enable lawful interception. Secondly, the bill will introduce a formal framework to ensure the security of our telecommunications networks through partnership between the Government and network operators where there may be a risk to New Zealand’s national security or economic well-being.
Lawful interception relates to the ability of New Zealand Government agencies to intercept private telecommunications where they have the lawful authority to do so. The bill is about the obligations on the telecommunications companies and their relationships with surveillance agencies. It will not in any way alter the authority of police or intelligence and security agencies to intercept telecommunications, nor will it reduce the checks and balances on how these agencies can access and use private communications information. These matters are dealt with under separate legislation that must be complied with before the regime under this legislation can be utilised.
Today, interception of telecommunications plays a vital role in investigating, disrupting, and prosecuting serious crime, detecting and prosecuting international and domestic cyber-crime, combating threats to national security, and responding to emergencies like kidnappings. Surveillance agencies rely heavily on the cooperation and compliance of telecommunications companies for interception. This bill aims to make the interception capability obligations on industry more proportionate and remove the need for unnecessary expenditure. This will be done by removing or reducing obligations in areas where they are unnecessary for operational reasons, they are duplicated, or they are disproportionately expensive.
To ensure flexibility and responsiveness, the bill provides that other telecommunications providers can be deemed to have interception capability obligations, noting that all network operators and service providers will retain their current obligation to assist with interception warrants regardless. These provisions will be exercised through a ministerial direction and can be used only when more onerous obligations are justified for reasons of law enforcement or national security.
The bill also makes other changes such as specifying the international standard to be adhered to when formatting intercepted material for delivery to the surveillance agencies, providing a speedier process for exemptions, clarifying the obligations under the duty to assist and stating clearly that these include help with decryption and that the duty applies to both domestic and offshore providers, and allowing network operators to share specialised equipment and staff. These changes will make a significant positive difference for network operators. Their obligations will be clearer and more easily varied when appropriate, and the costs of complying will be more proportionate.
The Government already works closely with telecommunications providers to address national security risks relating to the design, build, and operation of telecommunications infrastructure. It is timely that this arrangement be formalised to take account of the rapid changes in technology, changes in industry structure, the entry of new and specialist providers, and our ever-increasing reliance on the internet and information and communications technology and its security to conduct our lives. The security of telecommunications networks are critical if we are to prevent the unauthorised ability to access, copy, or divert data, and prevent espionage or the disruption of critical services we all take for granted—for example, in our banking and energy services.
The bill will introduce provisions that will mean network operators will be obliged to engage with the Government through the Government Communications Security Bureau on network security, where it might affect New Zealand’s national security or economic well-being. The bill gives network operators direction on when to notify the Government Communications Security Bureau, and about what. It puts obligations on both the network operator and the bureau to notify each other as soon as they become aware of network security risks or potential risks. It provides a step-by-step process for addressing those risks.
These provisions are about formalising the existing relationship and the existing partnership approach based on principles of working cooperatively and collaboratively with each other and agreeing on decisions and actions that are effective and proportionate to the risk. In rare circumstances where agreements cannot be reached, there is provision for a ministerial direction. This direction will be issued only after taking into account submissions by both the Government Communications Security Bureau and the network operator and after consulting with other relevant Ministers, and only where a significant national security risk is evident. The direction may require the network operator to refrain from a particular course of action, to undertake a specific activity, or to make a specific change to the design, build, or operation of their network.
The lawful interception and network security regimes are both underpinned by a shared compliance and enforcement framework. A register of network operators will be established, with network operators being required to register details, including the size of the customer base and services provided. Surveillance agencies will be given the power to request information from network operators relevant to their obligations.
Network operators can be asked to participate in compliance testing for interception capability and their chief executives can be required to certify that they are compliant with the legislation. The new two-tiered enforcement regime for non-compliance distinguishes between minor non-compliance and serious non-compliance. Minor non-compliance will be dealt with by way of a notice requiring that the breach be remedied within a specified period of time. Serious non-compliance will be dealt with through the High Court, as is currently the case in existing legislation.
These changes to the current legislation are necessary to modernise existing interception capability requirements and to establish a formal and transparent framework for network security. The provisions in this bill will ensure that New Zealand’s telecommunications providers have a clear understanding of how to meet their interception obligations and will safeguard our telecommunications infrastructure. The bill will provide greater certainty and transparency for the telecommunications industry and the New Zealand public. I commend the bill to the House.
CLARE CURRAN (Labour—Dunedin South) : This bill, the Telecommunications (Interception Capability and Security) Bill, represents a major and frightening expansion of Government powers over New Zealand’s communications networks and over those who provide services to New Zealanders on the internet. That is a sobering prospect. It is potentially a big step towards an authoritarian approach to Government.
This bill raises serious issues affecting the civil rights and personal privacy of New Zealanders, and it has a lack of checks and balances. It provides extraordinary discretionary powers to the Minister, on the advice of the Government Communications Security Bureau. On the face of it, this bill could impose unreasonable and illogical costs on network operators to comply with the new requirements. On the face of it, it could capture small network operators, such as schools and Wi-Fi communities, and result in unreasonable and unnecessary compliance and surveillance measures.
It gives ministerial discretion to decide what sort of network should be captured. If, for instance, a network was established to provide information and provide a campaigning tool for an issues-based organisation—an NGO that was of a political nature—could the Minister, on the advice of the Government Communications Security Bureau, decide that this was a threat to national security or economic well-being? That is a frightening thought, and it does go to the heart of democratic activity.
On the face of it, this bill hands the control of the network design and operation of a telecommunications network to the Government Communications Security Bureau in the name of “security”, which not only loads a level of bureaucracy and complexity to a legitimate commercial operation but provides an extraordinary level of potential interference in that commercial operation.
This bill gives sweeping powers to the Minister responsible for the GCSB to prevent, mitigate, or remove a significant network security risk that could be related to national security or our economic well-being—in other words, to have the ability to shut down a network or part of a network should it not comply with its demands. This is not supposition; this is how the bill reads.
On the face of it, this bill contains no definition of the problem that is trying to be solved. I would like to just reiterate the words from the previous discussion around this bill, and that is that the privacy of New Zealand’s citizens counts, the civil liberties of New Zealanders count, and checks and balances count in all of our legislation, and they do not exist in this bill as it has been tabled in this House today. On the face of it, this bill should make New Zealanders afraid of what their Government is trying to achieve. There are so many unanswered questions and too little information about the reason that this bill has been brought before us in this form. It has been brought before us with no consultation, no discussion, no analysis of the problem that it intends to solve, no regulatory impact statement, and a lack of checks and balances that would give the New Zealand public confidence in its security agencies and in its Government.
Labour supports the modernisation of legislation. Labour supports the need to ensure that New Zealanders and New Zealand businesses are protected from cyber-threats. Let there be no doubt about that. Labour has serious concerns, though, about the two core underpinnings of this bill—the obligations being put on telecommunications companies and the changes to the interception capability regime—and deep concern about the introduction of a formal so-called transparent network security regime and the sweeping powers that it gives to both the Government Communications Security Bureau and the Minister.
Labour cannot support this bill. Labour opposes this bill. This is about our national security, about our human rights, and about Kiwis’ confidence in their security agencies and in their telecommunications agencies. It is also about confidence in the Government and trust that our Government will do the right thing.
We want to see evidence-based analysis that would demonstrate the need for such sweeping powers and changes. Late on Monday night I received a media release email with a link to the bill before us. Last night I received in my office a letter from the Minister for Communications and Information Technology regurgitating that media release that she had sent out the day before. Less than 24 hours later we have the first reading of this bill. There has been no briefing to the Opposition on this bill. There has been, to my knowledge, no in-depth discussion with the industry about this bill. There has been, as we have said, no regulatory impact statement released to the public.
This bill sits alongside the Government Communications Security Bureau and Related Legislation Amendment Bill, which Labour also opposes. We believe that before such an overhaul can take place, there has got to be an independent inquiry into our intelligence agencies and, as I said, an evidence-based approach to why this legislation is necessary.
The process around this is incredibly shoddy and it is, quite frankly, frightening because it shows that this Government does not take seriously the concerns of citizens about the important checks and balances that such an important piece of legislation should contain. I am pleased to hear that the bill is going to the Law and Order Committee, which will actually be able to have participation in it. I certainly hope that there will be adequate time for those submissions to be held.
This bill replaces the Telecommunications (Interception Capability) Act 2004, but it adds a significant new component to the title, and that component is “Security”. It also defines threats to our economic well-being as being security risks, but there is no definition about what that means, and that definition, it appears, lies with the Minister and the Government Communications Security Bureau. There is in this legislation no independent oversight or accountability on what economic well-being or national security is.
The process around getting this bill to this House has been shoddy, yet the Prime Minister has said that he wants cross-party support. So why has there not been a discussion with the Opposition parties about this bill? Why has there not been an explanation of the problems that require such sweeping powers to be given to a Minister and to the bureau? Why have we not been told that the intercept arrangements that exist right now between the surveillance agency and the telecommunications companies or the network operators are insufficient? What is wrong with those arrangements? Why has there not been a public discussion on that issue?
We certainly know that there has been a raft of data breaches and security flaws exposed within Government departments and agencies over recent months. In the last year tens of thousands of New Zealanders have had their private information exposed because of lax processes and insufficient IT capability, expertise, and governance arrangements across those Government agencies, but will the bill solve those problems? No. Will it address any of those problems in any way? Is the Government doing anything about those issues in any way? No. What is it doing? Nothing.
Will this bill make New Zealanders feel more safe and secure? My fear is that it is actually going to make them feel more vulnerable—more vulnerable to intrusion into their privacy and civil liberties. There could be intrusions also into the lawful commercial business activities of our network operators, and that is one of the potential dangers behind this bill. Will it have a chilling effect on the innovation of network operation centres and the development of new services? That is a question that is being asked today about this very issue.
Could we see our economic well-being being undermined by this bill? New Zealanders should be aware that this bill covers their email, their texts, Twitter, other social media, Skype, and private encrypted discussions through chat sites and cloud services such as Microsoft Lync, Dropbox, Google Drive, and Mega. It would include any business operating cloud services. It could cover the likes of Xero and TradeMe. The limits of the ministerial and Government Communications Security Bureau powers have not been defined, and they leave many questions unanswered.
JACQUI DEAN (National—Waitaki) : This bill, the Telecommunications (Interception Capability and Security) Bill, repeals and replaces the Telecommunications (Interception Capability) Act 2004. There are two parts to the bill. The first part clarifies interception obligations for telecommunications companies, and the second part introduces a transparent network security regime for network operators and the Government to work together on matters of national security. I look forward to scrutiny of this bill in the Law and Order Committee. Thank you.
GRANT ROBERTSON (Deputy Leader—Labour) : Once again we have the sight of National members supporting a bill through this House that makes significant change to the activities of the Government Communications Security Bureau and to the activities of telecommunication providers and telecommunication users, and we get 1 minute - long, fatuous contributions like that from Jacqui Dean. It is a disgrace to be in this House tonight and watch the National Government once again ride roughshod over democracy, just as it has done time and again over the last 5 years. This Government’s commitment to democracy is wafer-thin.
I want to speak now briefly about the question of the lack of a publicly available regulatory impact statement for this bill, the Telecommunications (Interception Capability and Security) Bill. I want to read from the Treasury website what it says about regulatory impact statements: “To help ensure that the regulatory process is open and transparent, Regulatory Impact Statements (RISs) prepared to support the consideration of regulatory proposals are published at the time the relevant bill is introduced to Parliament or the regulation is gazetted, or at the time of Ministerial release.” We are standing here in this Parliament tonight without a publicly available regulatory impact statement on a piece of legislation that imposes significant additional regulatory burden—
Hon David Parker: Or a Bill of Rights vet.
GRANT ROBERTSON: —on telecommunications matters. In addition to that, as my colleague David Parker says, for the second piece of legislation in a row tonight there is no New Zealand Bill of Rights Act vet—no section 7 report under that bill for these two pieces of legislation. These are pieces of legislation that cut to the heart of New Zealanders’ fundamental rights and freedoms: the rights to go about their business without the State intervening in it.
We have had the discussion already tonight that there will be occasions when we expect our intelligence agencies to undertake activities. We do need to defend our national security, but we do that in balance with the right to privacy, with the right to freedom of expression, and with the right to freedom of organisation. We balance those things together, and tonight this Government rams through two pieces of legislation without releasing a New Zealand Bill of Rights Act vet and, in the case of this bill, without putting up a regulatory impact statement.
That is wrong. It is against the principles of this House. As a member of Parliament, I expect to be able to read a regulatory impact statement and understand what Government officials believe the impact of this legislation will be on those who are affected by it, and I am unable to do that tonight. Not one member of the National Government should be voting for this legislation tonight in the absence of that material.
I am quite confused about this, because what the explanatory note to the bill tells us is that the regulatory impact statement was completed on 12 March. Well, where is it, Minister? Where is it? The Minister for Communications and Information Technology keeps her head down now because the Government is not prepared to give New Zealanders proper information to debate this bill. This bill has been introduced today to this House, and we are debating its first reading tonight. This is a disgraceful display from a National Government that is riding roughshod over democracy.
When we move to the substance of the bill, my colleague Clare Curran has outlined some of the concerns that are in the public arena. It is very important that we set the context of this. The context of this is a time when public confidence in the Government Communications Security Bureau is the lowest it has ever been. A survey told us that 40 percent of New Zealanders have no confidence in the bureau, and yet here we have a piece of legislation pushed through under urgency for its first reading that will extend the powers of the bureau significantly.
I repeat again for this House that this is the time for a fundamental review of our intelligence agencies. Yes, there are new threats to New Zealand security out there. Let us make sure we get in place the organisation and the legislation that will protect New Zealanders’ security and protect New Zealanders’ rights. How can we know that we are doing that without that proper, fundamental review? Once again, this legislation is being put through Parliament in this way because the National Government wants to sweep under the carpet the debacle that has taken place with the Government Communications Security Bureau around the Kim Dotcom affair and what has followed on from that. That is not the way to make legislation; that is not the way to take on an issue that is of such significance for New Zealanders.
The big difference between this legislation and the 2004 legislation that it seeks to replace is the introduction of the concept of security—it is in the title of the bill—and the idea of national security. The absence of a proper definition of that, the absence of any shared understanding of what we are actually talking about, is the fundamental problem I have in this first reading. What we now see in this legislation is significantly increased powers for Ministers. Ministers are deciding what “national security” means here—in fact, not Ministers, but one single Minister. That is a massive extension of the power of what Ministers can do.
Members of Parliament will recall that one of the interesting moments in the Dotcom saga was the ministerial certificate signed by Bill English in John Key’s absence to suppress evidence in the court. Well, what this bill does is set up a whole process for being able to put evidence to a court that only the court will see, and defendants will not see. And who will be making that decision? But one single Minister. It massively extends the power of an individual Minister.
More than that, the Labour Party over the years has copped a lot from the National Party about so-called nanny State initiatives. Well, what is this? What is this, apart from going into private business and setting enormous burdens upon those businesses about what they are able to do and the things that they have to do? It talks about an escalating enforcement regime. This is a piece of legislation, again, that—we do not have a regulatory impact statement to get the officials’ background on this, but on the face of it—will increase costs significantly for people in the telecommunications industry. And for what? The Government has simply not made the case for why this is necessary. Perhaps in the select committee process we will start to get some greater idea from this Government about what the case is that it is making here. But at this stage we have not seen that. All we have seen is a bill that increases the powers of Ministers, that puts further burden on businesses—and we all know that it will be the users of those businesses who will wear the costs in the end.
This bill, in its shoddy process that it has come through to us, actually does a number of things that I believe people in the telecommunications industry will be deeply concerned about. What it actually says is that the Government Communications Security Bureau now has a role in the design and development of data and voice communication networks in New Zealand. It actually gives the bureau a role in that—a vetting role, a role where it could actually stop the development of a network if it believes it somehow breaches this undefined national security. Have a think about that. That is a Government agency having the ability to say to an NGO or to a private business that it is sorry, but its network is not acceptable to the bureau. That is the kind of intervention that this bill is proposing.
Clare Curran: What’s that going to do to investment?
GRANT ROBERTSON: That is right—what will that do in terms of people who want to invest in telecommunication networks in New Zealand? The Government has simply not made the case. There are numerous unanswered questions within this piece of legislation—a piece of legislation introduced today under urgency.
We need good, strong measures to protect New Zealand’s national security. If we are going to get measures that are durable, that requires a cross-parliamentary understanding. We support having good, strong intelligence agencies, but what we cannot support is legislation that rides roughshod over democracy, that fails to make the case for why it is necessary, and that appears, on the face of it, to give the Government extraordinary powers to intervene in the activities of private businesses. That is the kind of thing someone once told me the National Party was all about—supporting the rights of business people to go about what they do without unfair interference. Well, that has all gone, because tonight what we see is legislation from a National Government that has no commitment to democracy and is obsessed by its control and the control of individual Ministers. This bill is being opposed by the Labour Party tonight. We have not seen a case made for it by National, and the way it has gone about it, the process it has used, has been a shoddy, shoddy process, and it is making a sham of our democracy.
STEFFAN BROWNING (Green) : Kia ora. I rise to speak to the Telecommunications (Interception Capability and Security) Bill. It could also be called the “TELCOs (Spying on Kiwis) Bill”, or the “TELCOs (Let’s Get Hacked) Bill”. We have to ask: why now? What is the gap in legislation that we need this bill to cover? We questioned that in April when this bill was being mooted and at the time of the announcement that the Government was to change its plans to modernise the Telecommunications (Interception Capability) Act 2004. We opposed that Act for good reason, and since then there has been plenty to show up why we should have and why we did. Rather than amend that law, it should be reviewed. The Green Party opposed that law because of the great power it gave agencies to spy on New Zealanders’ online activity. Of course, when we learn about the 88 people who have been illegally spied on, we may see that that has been an abuse of this. Maybe that is the patch-up that this new bill is about—about covering up another one of the gaps where the Government has, clearly, been operating illegally.
It is very concerning that the changes to this interception capability are being developed at the same time as the Government changes the law around the Government Communications Security Bureau—and not just New Zealand agencies; it is around the agencies of those other nations such as the US, which is the main one behind it, the UK, Australia, and Canada. It gives those agencies associated with that the ability to spy on New Zealanders as well. Or is the reason for this change that agencies have yet again been caught outside the law, and also that in building “interceptability”, let us call it, into the network it has actually created weaknesses? We think that they have created weaknesses that could be exploited and they now need to be patched up.
But tell us the truth. What is going on here? What is the real reason? What are the real reasons for this bill coming at the moment, apart from just overall having a total surveillance State in New Zealand? A commission of inquiry is needed into both the Government Communications Security Bureau and the telecommunications laws, the laws that allow that surveillance, and their operation. We need a review. We need a full commission of inquiry rather than these piecemeal pieces that the Government is putting in.
What does this bill open us up to? Well, one thing is that the increased capacity in security systems will, basically, allow National’s chosen spy mates, its chosen agencies like the Government Communications Security Bureau and its US mates, to get into, as I said, that deeper hacking. Shortly after Parliament passed the Telecommunications (Interception Capability) Act 2004, there were concerns raised as a result of what we called the Greek Watergate. In 2004 and 2005 hackers gained access to Vodafone Greece’s mobile system and to the built-in law enforcement interception capability back then, and they tapped months of calls of more than 100 mobile phones. These days hackers do it much, much more. The reason they could do that was that they were using the interception capability put in by the spy agencies. Greek officials believed that a foreign intelligence agency was responsible, and the news media, including the BBC and the Wall Street Journal, at that time raised the United States intelligence agencies—the Government’s mates—as the leading suspects.
What we are doing here is putting in laws to make it legal for those agencies to spy on us. We do not need to rely on them hacking in any more, because we are setting up laws for them to do it—not us; the National Party and its buddies. There was another thing that happened in 2004—to United States wireless company T-Mobile—that resulted in hackers obtaining candid photos, at that time from Paris Hilton’s Sidekick smartphone account. What did they get? They got 16.3 million customers through that access point. Provided for by whom? By the law enforcement agencies. For over a year that hacker had access to all their social security numbers, dates of birth, voicemail PINs, and passwords to their email accounts.
So what is this bill? What is this, National? Is this because you have stuffed up? Are you going to make us even more vulnerable when we go into this? Whose tune are we dancing to, National? Who is in town this week? There is lobbying by the Federal Bureau of Investigation, which is in town again this week. The Government Communications Security Bureau is totally tied in with that. We know that from the past.
Scott Simpson: Ha, ha!
STEFFAN BROWNING: You guys might laugh at the idea that other foreign agencies are part of all of this. You just talk to your boss, John Key, about that, and you will see—
The ASSISTANT SPEAKER (H V Ross Robertson): Order!
STEFFAN BROWNING: Sorry, Mr Assistant Speaker. This is a disgusting abuse of legislative power.
There is another aspect in this bill, of course. Is this a bill to actually screw down the telecommunications companies to pay even more money in meeting the Government’s requirements? In the early 2000s Telecom was charging Government agencies nearly half a million dollars a year for assisting in search warrants, and Vodafone had set an annual fee of $800,000 to $1 million. The risk, wrote the SIS, was that in future the police would not be able to afford all the bugging that it wanted to do. Is this the reason for this bill: so that other providers will provide the Government the information that it wants free of charge? It certainly seems that this might be the case.
Dean Pemberton, who had previously set up and run lawful interception equipment at TelstraClear, told a lot of network specialists a while back that the agencies expected that sort of assistance from it. He said that they expected TelstraClear to install devices that could intercept data and forward it to the agencies on a minute-by-minute basis. That is what this bill is about. If the companies did not—
The ASSISTANT SPEAKER (H V Ross Robertson): Order! Members, it is a longstanding convention that people should not conduct conversations in the House unless it is absolutely necessary to do so, and then only so as they do not disturb proceedings. I just ask for some courtesy for the member trying to address the House. There is too much background noise.
STEFFAN BROWNING: Thank you, Mr Assistant Speaker. As he pointed out, the agencies were meant to intercept and forward that data—New Zealanders’ data—on a minute-by-minute basis. He said that if the companies did not have this gear in place, they risked a half-million-dollar fine and should get a lawyer. And he said: “If you try to be wise with them, you’ll end up in the High Court within hours. Don’t be a fool.” Well, of course, the Government is not going to make them be a fool, I suppose. It is going to enforce it through this new legislation and force them to spy on their neighbours, to spy on their fellow nationals, on behalf of the spy agencies.
Another concern we have with this is that it is about data retention, or the amount of time the spy agencies demand the telecommunications companies hang on to our private communications, our telephone calls, our texts, our emails, and everything that is going through the systems that these two bill together—there is an ugly twin, as I have said, with the Government Communications Security Bureau and Related Legislation Amendment Bill—will be able to do. The Greens will be opposing this. Thank you.
MARK MITCHELL (National—Rodney) : I would just like to acknowledge Minister Adams for bringing a very good bill, the Telecommunications (Interception Capability and Security) Bill, to the House. This Government is serious about protecting New Zealanders from threats, both domestic and foreign, and this includes updating legislation around interception capability. I look forward to receiving this bill at the Law and Order Committee. Thank you.
RICHARD PROSSER (NZ First) : I rise on behalf of New Zealand First to take a short call on this bill, the Telecommunications (Interception Capability and Security) Bill. New Zealand First understands and accepts the realities that have made this bill necessary. We give notice to the House and to the Government that we will be supporting it at least going to the Law and Order Committee at this stage. I will stress, however, that our support is conditional on the concerns that we have being addressed, and on there being sufficient oversight and safeguards put in place so that the rights and freedoms of New Zealand citizens and residents are not jeopardised or disregarded in the execution of the powers that this bill encompasses.
This bill, as stated in the general policy statement, “repeals and replaces the Telecommunications (Interception Capability) Act 2004.” The year 2004 was relatively recent in some regards but is a very long time ago indeed by some other measures. Technology marches on all the time at an exponentially increasing pace, and legislation must be able to be updated and improved in order to recognise advances in technology and in the technical field. In addition to this, the commercial landscape has altered dramatically since 2004. Telecom as a single company has nowhere near the market dominance it enjoyed nearly a decade ago. There are more players in a telecommunications environment that is very much different from that which the 2004 Act sought to address. There are more players, there are more networks, there are more devices, and the manner and volume of data and information being transmitted are very much greater.
This bill covers two main issues: interception and network security. The network security aspects are largely technical in nature and deal with how the telecommunications sector and the companies operating in the telecommunications sector are to actually operate in relation to interception warrants. These technical aspects relate to the operation of the networks and the examination and collection of information and data, both through and from various network devices—matters that, as I alluded to earlier, are subject to rapid technological change.
The nature of individual and commercial use of networks and of network devices is also changing, and it is this usage that by the very nature of its usefulness makes companies as well as governmental agencies vulnerable to exploitation through them. Essential service providers, both public and private, may be subject to eavesdropping and cyber-attacks, with the potential for intellectual property to be usurped and the possibility that essential services to individuals and companies may be compromised. New Zealanders deserve to be protected from such potential threats, and, as such, it is necessary that the legislation governing the interception of electronic communications is able to be updated as required as the terrain of the cyberenvironment evolves.
Interception itself remains almost a separate issue and is also dealt with in this bill. Warrants granted under the auspices of this bill to the police, the SIS, and the Government Communications Security Bureau will need to adhere to, and provide sufficient regard for, the rights and civil liberties of New Zealanders. There will need to be sufficient oversight of these warrants and the authority under which they are granted.
The general policy statement states that “The main objectives of the Bill are to ensure that the interception obligations imposed on the telecommunications industry are clear and reflect the changing telecommunications industry structure, do not impose unnecessary compliance costs, and are sufficiently flexible to match today’s operational needs and future technology developments;”, and, furthermore, “that network operators are obliged to engage with the Government on network security matters where they may raise a risk to New Zealand’s national security or economic well-being, inform the Government of network decisions that may be of particular national security interest, and work with the Government to apply any required risk-based and proportionate security measures.”
If these objectives can be met and at the same time the freedoms, rights, and civil liberties of New Zealanders can be assured, then New Zealand First has no issue with supporting this bill. We do have some of the same concerns as the Labour Opposition, but they have to be balanced by the knowledge that threats can develop and evolve very rapidly and may well be home-grown. In closing, I would reiterate that New Zealand First’s continuing support for the bill will be conditional on these concerns being examined and satisfied. New Zealand First will support this bill going to the select committee at this stage. Thank you.
IAN McKELVIE (National—Rangitīkei) : I listened to Steffan Browning, and if he is the member for Waihopai, I can certainly claim to be the member for Tangimoana, because I can throw a rock at the Tangimoana telecommunications station.
Kris Faafoi: You’d get prosecuted if you did that.
IAN McKELVIE: There is a security fence around it, Mr Faafoi. However, I understand the need for security, and the previous speaker, Richard Prosser, most certainly pointed that out to me. This Telecommunications (Interception Capability and Security) Bill is a great piece of legislation, brought to the House by Minister Adams. I have pleasure in commending the bill to the House. Thank you.
Hon PHIL GOFF (Labour—Mt Roskill) : Once again we have an important piece of legislation coming into the House that may be necessary, but the case has not been made out for it; that is certainly intrusive on the privacy and individual rights of New Zealand citizens, but again fails to indicate the checks and balances that might exist to prevent those powers being abused. The Telecommunications (Interception Capability and Security) Bill is a piece of legislation that was brought in under urgency, yet National speaker after National speaker, instead of making out the case for why this legislation is necessary and what protections there might be to stop its powers being abused, stands up, utters and mumbles a few inane sentences, and sits down. There is a responsibility on the Government of this country when, in the night and under urgency, it tries to rush a piece of legislation through, to actually justify to the country what it is doing.
You know, there has been a tradition in this House that where a Government acts reasonably there is an effort to achieve a bipartisan consensus to get intrusive legislation through the House. In this legislation there has been no such effort. It was not tabled until today, and when the Minister for Communications and Information Technology brought the bill in, the bill in its printed form made a comment about the release of the regulatory impact statements. There are wide-ranging powers in this bill, and we need to know what Treasury and the Ministry of Business, Innovation and Employment say the implications of this legislation are. But what do we read in the bill? That “These regulatory impact statements have yet to be publicly released on the Ministry’s website …”.
I want to ask the Government why it is good enough for it to bring in a bill that gives unprecedented powers over telecommunications companies to the Government to intrude into the lives of private New Zealand citizens, yet the Government does not deem it necessary to table the regulatory impact statements so that the whole House can be informed about what this bill means for New Zealanders. That is a breach of process. That is utter arrogance, matching the arrogance of National members who stand up and speak three sentences, and then jeer from their seats when other people are criticising the way this bill has been put together.
I want to make a point about the bill. This bill is going to the Law and Order Committee. I sit on that select committee. Interestingly, our select committee had before it the Corrections Amendment Bill. Members of the committee are in the House right now and they can confirm that. This submission is from three telecommunications companies: 2degrees, Vodafone, and Telecom. This is evidence that the Government never learns from its failures; it never learns from the fiascos and the botch-ups that it has already made. This is what the companies said: “It is unfortunate that we were not consulted on the Bill before this process began.” This was about a bill in the corrections context giving power over telecommunications companies—a parallel to this legislation before us—and the telecommunications companies came to the committee and said that they did not know about it before the Government introduced it.
My challenge to the National Government is this: did it consult with the telecommunications companies? Did it ask whether the measures were effective, were able to be implemented, and were necessary? Whether there were better ways of doing it? Whether it unnecessarily intruded on privacy? Silence. You know the answer, Mr Assistant Speaker. The answer is that it did not consult with the companies that are dramatically affected by these legislative powers.
What do we find about the Government’s last effort to do this that went to the Law and Order Committee? We found that the bill would have had unintended consequences; that the telecommunications providers actually did not have the capability to do what the Government was demanding of them. We found that it gave the department search and surveillance powers over and above any others that existed for Government agencies, that it failed to take into account better ways of doing it, that it set out costs that ran into millions of dollars, and that it was an unjustified intrusion into the privacy rights of individuals. Do you know what the result of that submission was? Everything the telecommunications companies said about that intrusion and those powers was absolutely correct, and the Government slunk off with its tail between its legs. It withdrew the provisions in the legislation and it put into effect provisions that the telecommunications companies said were necessary, useful, pragmatic, and had proper checks and balances.
This Government learns nothing from its experience. It brings into the House this bill with unprecedented powers. It has not consulted the Opposition parties. It has not consulted the telecommunications companies. My fear is that our committee will find exactly what it found last time the Government tried to implement something like this: that what the Government was recommending would not work, could not be done, was expensive, abused the rights of ordinary New Zealanders, and failed to protect, where it was necessary to do so, the privacy of individuals.
You know, I wonder what this legislation is about. Some time ago I was talking to people representing the Australian Government and the United States Government. They asked me this question, saying: “You know, you’re worried about cyber-security. Why is it that the National Government has agreed to allow Huawei to set up communications networks in New Zealand that we in Australia and we in the United States wouldn’t allow because of the fundamental impact that would have on undermining cyber-security in our countries?” So on the one hand the Government has gone out and it has agreed to something that its closest friends and allies apparently thought was stupid, and then on the other hand it brings this legislation in. Maybe it is bringing this legislation in because in retrospect it realises it has done the wrong thing and it has opened New Zealand up to the sort of cyber-attacks through foreign-owned companies that other countries with similar democracies have not opened themselves up to.
I ask the next Government speaker not to mutter something inane when they get up and then sit down again, but to answer that question. Answer all of those questions. Is this about Huawei? Why is it that there has been no communication with the telecommunications companies? Why is it that we found out about this legislation only when it was tabled, and that there was no effort, as you would normally expect, to give a briefing to the Opposition on legislation that provides for a massive expansion of Government powers?
I want to give an indication of what that massive expansion is. Network operators will have to notify the director of the Government Communications Security Bureau of “any proposed decision, course of action, or change [to] procurement of any equipment, system, or service …”, any change to those, or any change of ownership of any of them. What remarkable powers—remarkable powers that the Government Communications Security Bureau will have over communications companies. Why is this deemed to be necessary at this time? Is it about Huawei? Or is it because the Government just thinks that it should be able to go in and direct anything that the private communications companies are doing.
The bill says that the telecommunications companies must notify the Government Communications Security Bureau before they go out to the market for any new equipment. That is a huge intrusion on what the telecommunications companies are doing. It has not been necessary in the past. Why is it necessary now? The Government Communications Security Bureau is to have a veto power over network operators upgrading and introducing new network equipment if in the director’s opinion they pose a security risk. What is the criteria he follows in that? Why is that not spelt out in the legislation? Is this a total unbridled power?
If the director is not satisfied with the proposal, then they can refer it to the Prime Minister, and the Prime Minister can direct that they stop a particular activity—enormous powers placed in the hands of the Prime Minister to be directive. Where is the check and balance on that? It may be that they are concerned, for example, about the economic well-being of the country. Every day the National Party stands up in the House and argues that every party in Opposition is undermining the economic well-being of the country. Is this a cause that would allow the Government to spy on the political parties’ decision-making process because of that? You would say that is silly, really, is it not? Is it not silly? The Government would not do that, would it? John Key, or, actually, Bill English, would not suppress the fact that the Government had acted illegally in another area. John Key would not lie about his involvement in the appointment of the Government Communications Security Bureau’s director. No, they would not do those things!
This is bad legislation—poorly introduced, inadequately explained, with no New Zealand Bill of Rights Act veto, and no checks and balances. The Labour Opposition will be opposing this bill.
TIM MACINDOE (National—Hamilton West) : Could I begin by acknowledging the contribution that we had from Richard Prosser as he outlined his party’s understanding of the need for this Telecommunications (Interception Capability and Security) Bill. We acknowledge that his party has some concerns and they will be worked through. But I want to thank the New Zealand First caucus for its indication of support for an important piece of legislation.
I want to turn just briefly to some of the comments of the member for Mt Roskill, who made much of the idea that the Government has not outlined its case for this bill. I can only assume that he was not in the House at the time that the Minister for Communications and Information Technology spoke in considerable detail as she outlined exactly what the reasons for the bill were. She made it very clear that this is a bill whose time has come because technology is changing so rapidly. It would be totally inappropriate to bury our heads in the sand and to say that the law does not need to change when New Zealand’s telecommunications infrastructure has to be able to remain secure in an increasingly online world. It is about ensuring that telecommunications network security law reflects the realities of our modern telecommunications infrastructure, which is constantly changing at a baffling speed.
Our current legislation relating to interception obligations was put in place when there were only a few major vertically integrated network operators. So much has changed since then. That is no longer the case. Therefore, times have changed, the technology has changed, and the law must change to reflect contemporary needs and challenges.
Hon David Cunliffe: Split call. A 5-minute call, Mr Assistant Speaker.
The ASSISTANT SPEAKER (H V Ross Robertson): A 5-minute call. I call the Hon David Cunliffe, and I will give the member a bell at 4 minutes.
Hon DAVID CUNLIFFE (Labour—New Lynn) : In this Chamber we have decorating the walls the emblems of battles in which New Zealanders have fought. I am looking opposite at one named Egypt, where the 28th Māori Battalion served so gallantly in the front line of the break out at El Alamein, which it was my privilege once to visit. I am calling it to mind because our late colleague Parekura Horomia was a dedicated attendee at its commemorations. I have been very pleased to be at some. I recall the battalion because the principles for which it fought, and for which too many died, included the protection of the very freedoms which this Telecommunications (Interception Capability and Security) Bill now calls into question. That is a matter of such seriousness that it behoves this House and every listener to contemplate very, very carefully the freedoms which could be compromised willingly or by omission through this bill.
This bill as it currently stands, based on the information that we currently have, appears to be a sham in the shadow of a farce. The farce is obvious on our TV screens, and in the debacle of Dotcom and the unanswered questions about Huawei, where our nearest allies, our “Five Eyes” partners, are unwilling to accept certain technology offerings that this Government appears comfortable to do. We have, perhaps most important, a significant issue of the Government Communications Security Bureau’s cart being before its own horse. We have the Kitteridge review, which found 88 cases of illegal spying on New Zealand citizens or residents and made an extensive set of recommendations. It is absolutely proper and important that the House considers the response to that review before it extends the powers of the agency as proposed in this bill.
How does it extend them? Firstly, to broaden the purposes for which the Government Communications Security Bureau may act to include any economic well-being is to broaden it by, as they say, a country mile. Almost anything has a cost in financial terms and can be said to impact business. It is not necessarily wrong to cover that, but we would want much more information about the extent, the process, and the accountability around that because it magnifies the scope of this agency.
A colleague opposite talked about technology change. A key change has been the development of the cloud. This bill gives the obligation to our telecommunications providers to allow interception access into the cloud. You have seen the ads by one telecommunications company: “We can’t even say which Government agencies use our services.” This bill forces them to open up their clients’ accounts to the scrutiny of those agencies, or so it seems. What protections, I ask of the veterans of El Alamein, are given to New Zealand citizens? Will a judge’s warrant be required for such intercepts? Will New Zealanders’ cloud information be deemed to be within New Zealand’s jurisdiction? Or will it be ultra vires because it is in the cloud and not tied to our domestic terrestrial communications? We look for the answer. We have none.
What of the scrutiny? Currently the Intelligence and Security Committee, the oversight provided by Parliament, is in name only. It generally gets information after it is released to the public, and it is headed up by John “Brain Fade” Key—a man who has the courage to pick up the phone and ring a schoolmate and ask him to be the head of our spy agency, but does not have the courage to pick up the phone and talk to Aaron Gilmour about his antics. He cannot remember where he was last week, or last month, or last year, or whom he spoke to, or why. Are we prepared to accept that man’s assurance that all of the activities of the agency that are being broadened by this bill are subject to New Zealand law when the Kitteridge review has not yet been acted on? I think not.
Our Government Communications Security Bureau has a valid and important role to play in protecting our national interests. It must have the highest trust of this House and the New Zealand people. This legislation needs a lot more clarity and a lot more information before the Labour Opposition can support it.
GARETH HUGHES (Green) : Kia ora, Mr Assistant Speaker. Ngā mihi nui ki a koutou. Kia ora. I rise to speak to and oppose the Telecommunications (Interception Capability and Security) Bill, introduced by the so-called Minister for Communications and Information Technology, but I think she is going to get a name for herself as the “Minister of Communication Interceptions”. This is a bad day for our democracy. It is a bad day. We are seeing this and its sibling legislation, the Government Communications Security Bureau and Related Legislation Amendment Bill, introduced in this Chamber today under urgency with a constrained committee hearing period, and with no New Zealand Bill of Rights Act vet and no regulatory impact assessment—introduced under urgency. It is a bad day for our democracy because I do not think this is the standard Kiwis expect and demand from a Government that takes human rights, civil liberties, and security issues seriously. What we are seeing is bad legislation being introduced under urgency.
I received this in my office today. It is dated yesterday. It is a letter from the Minister for Communications and Information Technology, Amy Adams, with the legislation. The day it is tabled in Parliament, the Opposition gets to look at this legislation. That is not in the spirit of the cross-party approach that we have seen over decades when it comes to security and surveillance issues. I think it is a bad day and it reflects very poorly on the Government. I think the tone of this debate reflects very poorly on the Government benches, who are not speaking for more than 1 minute, except for a few bland comments. They should be able to stand up and defend this legislation in the House, in front of these people, and put their words down on the record of our country, and in Hansard. This is the party that boasted so boldly and loudly about the nanny State. This is the party that, ridiculously, talked about Fiji and North Korea when we talked about lower electricity prices and housing affordability.
If we are going to have a conversation about Fiji and North Korea, let us look at the legislation in front of this Parliament today and at what we are talking about. Let us remember what we did last session in Parliament: criminalising protest activity. If there are things that remind me of totalitarian Governments, it is things like spying on its citizens, it is things like retrospectively changing the laws when the Government has been found to have used its agents to act unlawfully, and it is criminalising protest activity. I think it is a bad day for the Government when we are dealing with issues such as this. Government members call it necessary and transparent, but there is no justification. There is no case that they can point to. There is no cross-party process that they have gone through to build support, as would have been the case in the past. This is a large expansion of power. It deals with the interception capability of internet service providers and other network operators. It deals with a differential, escalating role of monitoring and compliance regimes. It contains a penalties regime.
I do not think the information and communications technology sector or the telecommunications sector will be welcoming this. I doubt they were consulted. We still have not got a mention from the Government benches as to whether they were or not. I think they will be concerned. I think they will be concerned because it is going to risk investment in this critical sector and, I believe, an important part of our economic prosperity going into the future. There are even risks around whether these companies can be sold in the future or not.
Hey, if we are going to have a conversation on nanny State, let us just look at this bill in front of the House today. This bill contains an extremely wide definition of what security is and what can be surveilled as a consequence. It uses the term “economic well-being”, a catch-all that could catch anyone from Greenpeace, to a protestor with a banner, to the Green and Labour parties when we talk about excessive super-profits in the electricity sector and trying to drive down power bills for Kiwis.
I think, crucially, what Kiwis find so unfair and egregious about this bill is that what we have seen over the last 18 months is a monumental cock-up when it comes to Kim Dotcom—a monumental cock-up. What this Government has done is reward those spies for their unlawful activities. It is rewarding the spies for their bad behaviour. It is changing the rules to validate what they did. We may as well get Jetstar to write our customer service standards. We may as well get John Banks to run our electoral donation register if we are going to give the spies the laws they want when they act unlawfully. It is bad for our telecommunications and it is bad for our human rights. This is being passed through our Parliament in a poor, shoddy process with no New Zealand Bill of Rights Act vet.
There was a regulatory impact statement produced on 12 March, I understand. That is not in front of this House. It is a terrible process—a shoddy process. It smacks of Muldoonism. I think the members should be ashamed that they are voting for it. I say that with all honesty, and without a sense of rhetoric. This is a shameful day. We have seen a litany of terrible legislation under this Parliament, but, jeez, this has got to take the cake. Laws to spy on Kiwis, to validate unlawful spying on Kiwis, under urgency—a bad day for this country and a bad day for the National Government.
SCOTT SIMPSON (National—Coromandel) : It is a pleasure to be the last speaker in this first reading of the Telecommunications (Interception Capability and Security) Bill. We live in times that are changing. We live in a modern world where there is increasing technology and increasing risk.
This bill is a good bill. It is a good bill because it will give the increasing number of telecommunications providers that we have a very clear understanding of their obligations, not just to the Government but in terms of the security of New Zealand and our economic well-being in the global environment. This is a good bill. I commend it and endorse it to the House.
|Ayes 71||New Zealand National 59; New Zealand First 7; Māori Party 3; ACT New Zealand 1; United Future 1.|
|Noes 48||New Zealand Labour 33; Green Party 13; Mana 1; Independent: Horan.|
|Bill read a first time.|
- Bill referred to the Law and Order Committee.