TICSA

Telecommunications (Interception Capability and Security) Act 2013

The Legislation

The Telecommunications (Interception Capability and Security) Act 2013 (TICSA) establishes obligations for New Zealand’s telecommunications network operators in two key areas: interception capability and network security. 

The Government Communications Security Bureau (GCSB) is responsible for administering the network security provisions of the TICSA.

Part 3 of the TICSA, which relates to network security, establishes a framework under which network operators are required to engage with the GCSB (through the NCSC) about changes and developments with their networks where these intersect with national security.

The legislation sets out a path to identify and address, prevent, mitigate, or remove network security risks which may arise. To assist in applying TICSA, the Director-General of the GCSB has issued Guidelines for network operators, and has granted a number of exemptions from the duty to notify which are in place.

The GCSB works co-operatively and collaboratively with network operators so that risks to New Zealand’s national security arising from the design, build or operation of public telecommunications networks and their interconnection to other networks both domestically and overseas are identified and addressed as early as possible.

The Director-General of the GCSB has issued Guidelines for network operators on how the GCSB and network operators will interact to fulfil each other’s responsibilities under TICSA. The final Guidelines document was prepared following consultation involving network operators.

The Guidelines cover:  

  • Process for network operators to register  
  • The national security focus of the TICSA  
  • Notification requirements for network operators: what and when  
  • The GCSB’s consideration of proposals, including:  
    • The factors the GCSB must take into consideration 
    • How the GCSB will communicate to network operators
    • How the GCSB will manage exemption requests
  • Referral of cases to the Minister Responsible for the GCSB  
  • The process for updating the Guidelines

A copy of the Guidelines is available here.

Information on getting a clearance under the TICSA

Disclaimer: This document is informational only and is not to be considered “Guidance” as defined in section 58 of the TICSA

 

Clearances under section 75 and 76 of TICSA

Clearances can be required for Network Operators. Network Operators can submit a request to the NZ Police to have a nominated person go through the clearance process.

NZ Police will approve clearance requests for compliance with section 2 of the Act.

NCSC/GCSB will approve clearance requests for compliance with section 3 of the Act.

Both the GCSB and the Police can require Network Operators to provide someone to go through the clearance process.

As a Network Operator you must nominate a suitable person to apply for a secret level clearance.

The vetting procedure can take some time.

Having a clearance comes with obligations – you can read about these online in the PSR here.

The vetting process is not managed by either the GCSB or by NZ Police.  Once you are in the vetting process you should pay attention to the vetting staff instructions to make sure the process does not lapse.

The contact for clearances is the NZ Police. Click here to contact the TICSA Registrar.

This document sets out the steps for network operators and the GCSB in the network security process.

Network Security Process

Section 48 of the TICSA creates the obligation for network operators to notify the GCSB of proposed decisions, courses of action or changes in regard to certain parts of their network (Proposals). Under this section, it is only proposals that affect an “area of specified security interest” that need to be notified.

If a network operator becomes aware that implementation of any other decision, course of action or change, to any part of their network, may give rise to a network security risk, they are required to notify GCSB (section 46(1) TICSA). 

Network operators need to notify the GCSB of proposed decisions, courses of action or changes to certain parts of their network at the stage when these decisions, courses of action or changes are still proposals, yet to be implemented. More detail on the notification requirements and process is provided in the Guidance to network operators. 

Notification template.

Under the TICSA, the Director of the GCSB can grant exemptions to a network operator’s obligation to notify of proposed decisions, courses of action of changes to certain parts of their network.  Exemptions can only be granted if the Director is satisfied that the granting of an exemption will not give rise to a network security risk. 

Notice of the exemptions that have been granted is available here.

Exemptions can be granted to individual network operators or a class of network operators. The GCSB will notify individual network operators directly in writing of any exemption applying only to them. Exemptions that apply to a class of network operators will be published on the GCSB and NCSC websites (as required in s49(5) of the TICSA) as well as written notification being sent to all network operators falling in that class.

Network operators will be able to request exemptions from the GCSB through the notification process. This will provide the GCSB with the information it needs to be able to assess whether granting the exemption will give rise to a network security risk.

Exemption request template.

Under the TICSA, the New Zealand Police are responsibile for maintaining the Register of Network Operators on behalf of all of the surveillance agencies.  Information and registration details are available on the New Zealand Police website.

Network operators can contact the TICSA team via ticsa@ncsc.govt.nz 

The Guidance and Templates can also be made available in alternative document formats upon request.