Does the NZ Government really need the security Amendment Bill?

The New Zealand government is currently considering a bill that would give more power to the country's foreign intelligence agency to spy on citizens, but is the move justified?

According to Trend Micro NZ senior security architect, Peter Benson, the government has a real need for the bill, and for extended powers to effectively monitor data.

"There has been ambiguity in the past as to the extent that the advanced capabilities of the GCSB (Government Communications Security Bureau) could be used, and the role of the GCSB," he said.

Critics of the bill have expressed concerns about the country's foreign intelligence agency being imbued with extraordinary power to spy on its citizens.

However, Benson clarified that the main purpose of the initiative is to "broaden the scope of how other agencies could leverage the foreign intelligence agency for intelligence services to help with information collection and protection."

The bill claims "New Zealand faces a changing security environment in which threats are increasingly interconnected and national borders are less meaningful."

It adds the country is no longer far removed from security threats due to globalisation, which has resulted in a changed environment with new security challenges.

Benson said the ability for citizens to carry out activities in an off-shore or Cloud-based environment via the Internet has also created local jurisdictional issues.

"This means that existing agencies can no longer rely on local investigations of local computers, but must take a global perspective around how to investigate local scenarios," he said.

According to Benson, there is a need to overhaul the way that data is collected, particularly as a significant range of off-shore services and information infrastructures are in foreign jurisdictions, which may or may not be friendly to New Zealand's interests.

This is compounded by "increasingly globally ubiquitous nature of information assets/computer infrastructures," he added.

The sum of all fears

Some critics argue the bill goes too far and infringes on free speech and human rights, while its supporters are saying the revisions would update surveillance laws that are behind the times.

One case for the law, from a security perspective, is that the rate of technology acceleration, said Benson.

"The amount of information and data being created, stored, and shared, is increasing all the time," he said.

"Unfortunately, the social sciences tend to lag technology significantly."

With some technologies, Benson said the social, ethical, and moral perspective is still being worked out, as well as "how and whether we should use the technology."

What takes even longer to catch up with the technology capability are policies, legislation, and regulatory controls.

"What we have seen time and time again is how technology is both used and abused before our legislators works out both what the issues are and how to address those issues," he said.

"We continue to see the technology abused after the fact as well." From a security perspective, Benson said old threats do not go away but some do get replaced with new threats.

A security vendor such as Trend Micro is naturally involved in investigating these new threats from a security perspective, and Benson admits that there have been a number of significant changes to the threat landscape over the last few years.

"This has resulted in technology change, changes in the way we use technology, and the increasing interconnectedness of our lives," he said.

As for what issues may be influencing the bill, Benson said there increasing activity and progress by nation states in the development and use of information for state or economic advantage.

"There is also increasing use and availability of advanced tools for use by non-nation states and individuals," he said.

Then there is the growing shift of organised crime away from more physical means, such as dealing in drugs, and into information technology based crime, such as ransomware and blackmail.

"In a way, this has now become a very lucrative industry," he said.

"So we need legislation and capabilities to address this, particularly where the criminals don't particularly care which jurisdiction the victims are in."

Finally, Benson sees the economic value of a country is increasingly being defined based on the intellectual property they develop, maintain, and protect.

"There are increasing levels of economic espionage, such as Class 2 Information Warfare, that are often sponsored by well-funded, unfriendly nation states," he said.

Benson is quick to point out that this is not an indictment on China, just that all nations are investing heavily in "cyber warfare," and in turn, are increasingly looking at proactive detection.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.

Join the CSO newsletter!

Error: Please check your email address.

Tags Government Communications Security Bureautrend microsecuritynewscyber crimegovernmentNew Zealand Reseller News

More about IDGIDG CommunicationsIDG CommunicationsIDG CommunicationsTrend Micro Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Patrick Budmar

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts