Remember 1997? That’s when Carnivore was in use by the FBI. Soon after we heard rumours of an AT&T Room 641A, where the NSA would have a colocated interception facility that would tap into all communications being handled by that telco. Then all the rage about ECHELON, a SIGINT collection network operated by Australia, Canada, New Zealand, the UK and the United States of America).
During those years people were quick to call “paranoid” those who discussed those surveillance systems and frameworks.
It is now 2013 and we start reading more about a secret program called PRISM, that would allow intelligence services access to data stored by technology companies that store and forward communications and data files. Companies allegedly involved all sent out releases saying pretty much “we care deeply about our users privacy and comply with the law.” Those include Apple, Dropbox, Facebook, Google, Microsoft and Yahoo!.
Despite all the negatives, just yesterday came out more leaked information alleging Microsoft has provided the NSA with encryption keys that would allow them to access encrypted communications in their online properties such as Outlook.com, Hotmail.com and Skype. This is similar to 1999 claims that Microsoft has inserted a public key into the Windows NT operating system allowing intelligence services a backdoor into the platform.
Now come word that Australian Telstra has been working with American authorities since 2001 in a manner not different from AT&T and it famous Room 641A. In essence the telco agreed to store electronic communications data originating or terminating in the USA and going through their Reach network, making this available to US enforcement agencies on demand. The data is available through systems involves not only “metadata” but content of emails, instant messages and voice calls.
Fairfax Media reported that four Australian defence facilities are being used by the US in this intelligence collection programme. Local (Australian) centres are used in a National Security Agency surveillance program codenamed X-Keyscore.
This collaboration seems to be the result of Telstra decision to expand into Asia through Reach. When it came to the point where they needed to negotiate landing rights into USA, the local security agencies made it a requirement the company signed the agreement to collaborate in this data collection in order for a license to be issued.
While no live surveillance is being conducted, the data is available at short notice to US intelligence agencies.
Just recently University of Otago information science Associate Professor Hank Wolfe commented that “Under what was unofficially known as the Five Eyes Alliance, New Zealand and other governments; including the United States, Australia, Canada, and Britain, dealt with internal spying by saying they didn’t do it, but they have all the partners doing it for them and then they share all the information.” Yes, Five Eyes is the evolution of good old ECHELON from the late 90s.
So the questions after this revelation from the other side of the Tasman is really “how much of New Zealand communications are being stored by Telstra and handed over to foreign intelligence agencies?”. Or even “are there any New Zealand ISPs or cable providers involved in a similar deal?”
This all just happens in the middle of discussions involving the New Zealand’s government proposal Government Communications Security Bureau and Related Legislation Amendment Bill. I suggest you read Thomas Beagle’s GCSB Bill Oral Submission and also his other submission to the GCSB Bill:
The GCSB Act (2003) allowed the GCSB to provide advice and assistance to any public authorities or other entities. However, section 14 made it very clear that this assistance was not to include any action for the purpose of intercepting the communications of a New Zealand citizen or permanent resident.
The GCSB Bill now explicitly allows the GCSB to perform interceptions of New Zealanders communications on behalf of the Police, SIS or Defence Force.
It also allows the GCSB to spy on New Zealanders for the purpose of maintaining cybersecurity. (The GCSB claims in the Regulatory Impact Statement that it will need to be able to monitor the communications of New Zealanders to detect whether they are being attacked.)
Those changes actually allow the GCSB to perform interceptions of New Zealander's’ communications on behalf of other agencies, something that caused a bit of a problem when they watched over Mr Dotcom, which was later ruled illegal because Mr Dotcom was a New Zealand resident at the time.
I have reached to Southern Cross Cables asking for comments but I don’t expect to hear anything back until Monday at least.
Other related posts:
Microsoft Ignite New Zealand, Microsoft Surface Studio
Geekzone data analytics with Power BI
Now with more fibre
comments powered by Disqus