I too have worked directly with them in the past, and they're not anywhere near as bad as you imply. Like any agency they sometimes need prodding, poking or plain old 'escalating', but as most companies have these problems _internally_ I'm not surprised that it happens between government departments, even in NZ.
The guidance document as published at http://ncsc.govt.nz/assets/TICSA/NCSC-Guidance-for-Network-Operators.pdf states:
> To assist the GCSB and network operators to work together on network security risks, network operators
> may nominate a suitable employee (or employees) to apply for a SECRET level GCSB sponsored security
> Network operators may also, upon request, be required to nominate an individual for security clearance
> (section 75).
> Having cleared staff within network operators allows the GCSB to share certain information about network
> security risks that is classified. While these individuals cannot pass classified information to un-cleared
> colleagues, they will be able to give informed guidance on identifying and addressing network security
> If a network operator does not have cleared staff, the GCSB will still seek to engage with them, and share
> what information it can about network security risks.
The legislation itself states:
A network operator must, within 10 working days _after being required to do so_ under subsection (2), (3), or (4),—
(a) nominate a suitable employee to apply for a secret-level government-sponsored security clearance (a clearance); and
(b) notify the employee of the nomination; and
(c) give written notice of the name and contact details of that employee to the Registrar.
- so the vetting obligation isn't an obligation until the Network Operator is 'required'. The rationale for putting staff up for vetting seems sound, but as you can see from the last part of the quote from the guidance, they can still work with service providers that don't have cleared staff.
There's no obligation for ISPs to have staff go through security clearances - in fact plenty won't pass the requirements (citizenship/residency for >10 years). ISPs can nominate staff to be vetted, and those that're vetted can be given more background as to why some information is being sought or why a particular issue is being flagged.
Important to note that the GCSB focus here is 'national security' and this isn't quite the same as lawful intercept for other purposes.
Demand without a warrant? There still needs to be a legal basis for the ISP to breach their customers' privacy.
^^ What he said.
Those who voted in the National Government chose to elect a party that is well known for its position supporting business (over the individual).
There are reports that around 1 Million NZers (out of ~4.4M) didn't vote in the last election. There's still a chance to have an effect on the outcomes if enough of the apathetic step up and make their voices heard. Unfortunately for laws such as this, many folks don't see it as affecting them, and will remain oblivious...
Yes, I'm cynical about it.
And as a non-American, I support the above. My email archive goes back to the days prior to Gmail, prior to my current email address, in fact even prior to using Thunderbird (it's been in Eudora, Netscape Communicator, Mozilla Suite, and Thunderbird variously over the years).
I keep the last month or so's email live on my mail server and read it with IMAP. From Thunderbird. On a half dozen different machines. Windows and Linux. All Thunderbird.
Every month or so I use POP3 to pull all the email server-side down to my archive installation of Thunderbird on my home server.
I refer to my archive about every month or two at minimum, and have already found value in being able to pull transactional email notifications from 2 years ago out of an archived folder, to help rebuild a mailing list that was hosted in the cloud (but where said cloud service provider decided to be nasty and delete an entire VM, plus backups, simply because they could, and not because it was reasonable).
My email archive is mine, it's on hardware I control, backed up by my own backup regime, sitting in property I control and subject to local jurisdiction. My live mail platform is one I personally administer, that I can read from the several computers I use week-to-week using exactly the same software (Thunderbird).
I'm glad to hear Thunderbird will still have 'some' attention, though I hope the writing isn't on the wall. We need Thunderbird. My entire corporate office uses Thunderbird + Lightning (Mac and Linux clients) to talk to our POP/IMAP platform and soon, to talk to Zimbra. Zimbra might be a powerful web based app but it's still nice to be able to carry out work when you're disconnected!
I'm sure they are, but that's not a crime covered by the Extradition Treaty.
Any Extradition from NZ will be under the terms of the Extradition Treaty and won't be for DMCA violations, but for other charges - such as the Money Laundering and so on which is indeed covered by the Treaty.
Some interesting reads:
Provision Warrants: http://www.legislation.govt.nz/act/public/1999/0055/latest/DLM26216.html
Extradition Offenses http://www.legislation.govt.nz/act/public/1999/0055/latest/DLM25681.html#DLM25681
How Extradition Request must be made http://www.legislation.govt.nz/act/public/1999/0055/latest/DLM26211.html?search=ts_act_extradition_resel&p=1#DLM26211
Minister may request warrant http://www.legislation.govt.nz/act/public/1999/0055/latest/DLM26215.html?search=ts_act_extradition_resel&p=1
The Extradition Treaty Itself http://newzealand.usembassy.gov/uploads/images/o16y8MOyHW2l-jJTxaMpeQ/ExtraditionUSNZ.pdf
This old argument... I know exactly what you mean, but if your productivity is being hindered by 'stone knives and bearskins' then surely this is something that management simply get to live with? When Management cease to support the employee, surely the employee should become a 'timecard-worker'....
If your productivity is high, they're going to think all is well. Let your productivity slide and when they ask why, point out to them how they're screwing themselves over with their stone-age conventions?
Sucks I know, but otherwise you're shooting yourself in the foot.
Agree with the other response; you apparently have the wrong end of the straw.
The IT dept support the _company_, not individual employees. If you want a tool that the company hasn't provided you, the right channel to go through is via management and the procurement process. Then your required tool gets a proper introduction-to-service and your IT guy is appropriately trained and ready to support it, rather than just having it shoved in his lap because it's the new toy you've just decided you 'need'.
If it's a device that you need for business purposes, the business will provide it for you. (Or should, if it's a genuine need.)
The influx of personal smart devices into business is great; but if you expect to connect them to my corporate network, you best be prepared to see them integrate into my corporate network requirements around security and support. I've seen policies from 'sure, but you support it' through to 'absolutely not' and the support guy's job is to enforce that policy. No more, no less. Oh and by the way, support guy rarely dictates policy, most especially in larger companies.
^ This. The IT dept's worst nightmare is employees who *think* they know better.
Pager on silent/vibrate, under my pillow, tends to work well.
Only so much you can do about the noise of the vibration unit, though.
Have done this with my phone before also.
Oh, I'm sure they're related. I'm just not sure that one is to blame for the other.
Get sick of pointing out that 'correlation != causation'.
Zing! The world loves hypocrites, right?
Mod parent up.