Digest No. 2101
|Date of Introduction:||8 May 2013|
|Portfolio:||Communications and Information Technology|
|Select Committee:||Law and Order|
|Date report presented:||19 September 2013|
|Published: 30 September 2013by John McSoriley BA LL.B, BarristerLegislative AnalystP: (04) 817-9626 (Ext. 9626)||Caution: This Digest was prepared to assist consideration of the Bill by members of Parliament. It has no official status.Although every effort has been made to ensure accuracy, it should not be taken as a complete or authoritative guide to the Bill. Other sources should be consulted to determine the subsequent official status of the Bill.|
This Bill repeals the Telecommunications (Interception Capability) Act 2004 and replaces it with this Bill which has the aim of ensuring that:
- “the interception obligations imposed on the telecommunications industry are clear and reflect the changing telecommunications industry structure, do not impose unnecessary compliance costs, and are sufficiently flexible to match today’s operational needs and future technology developments; and
- “network operators are obliged to engage with the Government on network security matters where they may raise a risk to New Zealand’s national security or economic well-being, inform the Government of network decisions that may be of particular national security interest, and work with the Government to apply any required risk-based and proportionate security measures”. 
The purposes of the Bill are to:
- “ensure that surveillance agencies are able to effectively carry out the lawful interception of telecommunications under an interception warrant or any other lawful interception authority”; and
- “ensure that surveillance agencies, in obtaining assistance for the interception of telecommunications, do not create barriers to the introduction of new or innovative telecommunications technologies”; and
- “ensure that network operators and service providers have the freedom to choose system design features and specifications that are appropriate for their own purposes” (Part 1, Clause 5).
Requirements placed on network operators
The Bill removes the obligation for network operators to invest in interception capability where this is not necessary or too expensive. Different obligations are placed on different network operators. In respect of network operators with fewer than 4 000 customers, a new “interception readiness” obligation is created which means that for wholesale network services (which are then on-sold by a retail operator to the end-user) there is an obligation to help ensure interception equipment can access the network, if required. For infrastructure-level services, there is no capability obligation but there is an obligation to report customer names.
Obligations and duties
The Bill provides that there is a duty to assist whether the network operator is based in New Zealand or overseas, and whether or not they have interception capability. In this regard, the Bill specifies that network operators may share resources (for example, equipment or staff) in order to meet their obligations under the Act.
Ability to require the provision of, a greater level of, assistance
The Bill allows interception capability obligations to be extended to telecommunications service which do not have capability obligations. It also allows the Minister to partially or fully reinstate capability obligations on a company with reduced obligations if more onerous obligations are justified for operational reasons. The Bill creates “a faster and more flexible exemption process”  through which capability obligations on particular operators, or on whole classes of operators or services, may be reduced. The Bill provides for a new ministerial power to direct that an off-shore telecommunications service must not be resold in New Zealand if there is insufficient interception capability on that service, and the direction is required to address a significant risk to national security or law enforcement.
The Bill provides that network operators and the Government Communications Security Bureau (GCSB) are to work co-operatively and collaboratively on identifying and addressing network security risks and obliging network operators to engage in good faith with the Director of the GCSB on the design, build, and operation of networks where those may pose a risk to New Zealand’s national security or economic well-being. Network operators must notify the Director of the GCSB about proposed procurement decisions being made in relation to areas in the network of particular national security interest.
Risk identification and response
The Bill provides for a risk identification and response process and for a ministerial direction power where a significant risk to national security is raised and either the Director of the GCSB is not satisfied with the network operator’s proposal to address a security risk, or a network operator has breached one of the requirements in the Act and has proceeded with a decision or course of action that gives rise to a significant risk to national security.
Compliance and enforcement
The Bill requires network operators to register basic information with the Government and enables the surveillance agencies (the New Zealand Police, the New Zealand Security Intelligence Service, and the GCSB) to request information from network operators. The surveillance agencies may require network operators to have a staff member with an appropriate security clearance. The Bill enables surveillance agencies to initiate compliance testing and require the chief executive of a network operator to certify compliance with the Act after checking compliance with interception obligations. Enforcement may be carried out, in respect of minor non-compliance, by way of a breach notice, or, in the case of serious non-compliance, prosecution in the High Court. 
The bar-2 Bill specifies that a network operator may be required to provide access only to a point of the public telecommunications network suitable for effecting an interception warrant or other lawful authority. Under the Bill as introduced, there is no limit on the access a network operator would be required to provide (Part 2, amending Clause 12(a)).
The bar-2 Bill provides that the Minister may not delegate certain powers relating to Ministerial directions to any person other than another Minister (Part 2, amending Clauses 19(5), 35(9), 39(11), and 54(5)).
Duty to assist
Under the present law all network operators and service providers to take all reasonable steps necessary to effect a warrant or other lawful interception authority including decryption.
The bar-2 Bill specifies the limits of the obligation in relation to decryption. If a telecommunications service provider or network operator provided the encryption, it must take all reasonable steps to assist; if it did not, then it would not be obliged to do so (Part 2, Clause 24(3)(b) (amending paragraph (vi) and inserting new subclause (3A)); cf. Clause 10(4).
Classified security information in court
The bar-2 Bill sets out the Court procedures for dealing with classified security information including requirements to keep information confidential and hold closed hearings if necessary. The Court may appoint special advocates and allow them to access classified security information, participate in examinations of witnesses, make submissions to the Court, and communicate with the parties they represent.
The bar-2 Bill duty imposes a duty on the Crown to provide access for the Court to the relevant classified security information (Part 4, amending Clauses 96 and 97; inserting New Clauses 96A–96H and 97A).
|Copyright: © NZ Parliamentary Library, 2013|
|This work is licensed under the Creative Commons Attribution 3.0 New Zealand licence. In essence, you are free to copy, distribute and adapt the work, as long as you attribute the work to the Parliamentary Library and abide by the other licence terms. To view a copy of this licence, visit: http://creativecommons.org/licenses/by/3.0/nz/.|