Snooping laws come with unknown cost

By PETER GRIFFIN

New laws allowing police and security services to snoop on emails may prove expensive for a long list of telecommunications companies, internet service providers and even Canterbury University.

But how much complying with the new requirements will cost is anyone's guess.

The Telecommunications (Interception Capability) Bill, which is now being drafted, gives existing operators five years to make their data networks capable of interception by the police and state agencies such as the Security Intelligence Service and the Government Communications Security Bureau.

New operators, such as fledgling mobile network operator Econet Wireless, would have 18 months and would also have to cover the cost themselves, said Communications Minister Paul Swain.

While Cabinet policy committee documents obtained by the Herald put the total cost to the industry at $12 million, most internet providers and telcos have yet to do the sums themselves. The legislation accounts for existing telecoms voice networks to be upgraded, with the Government paying $3 million to make them interception-capable. The bulk of that money has been spent on the networks of Telecom and Vodafone.

TelstraClear's head of network operations, Neil Cryer, said the company had not calculated the cost of making its data network interception-capable.

Nick Wood, director of ihug, said interception requests were at present dealt with on a case-by-case basis, usually at minimal cost.

"It's just the time of the ihug guy who is getting the information for them. We don't charge for that."

Neil De Wit, managing director of fibre network operator CityLink, had no idea how much the process would cost.

Citylink had not yet received any interception requests and he believed internet service providers (ISPs) rather than network infrastructure providers would be most affected.

"It's easier to capture the information at either end of the network rather than on the network itself."

Telecom, which manages the infrastructure for the country's largest ISP, Xtra, was undertaking a major upgrade to an IP (internet protocol) based network which could drive up the cost of making the network interception-capable, said spokesman Andrew Bristol.

He said Telecom could give no guarantees that the cost of meeting its interception obligations under the new law would not be passed on to consumers.

The Cabinet policy committee documents point out that any interception of data would still require an interception warrant to be issued by the High Court. A Government source said most requests for such warrants were now turned down.

Just what is involved in making the various networks interception-capable has not been revealed, but the documents say "the bill does not require all internet service providers to 'install a black box linked to the security service' which will monitor all internet traffic".

This has been the scenario painted by concerned privacy advocates overseas.

But a security expert who did not want to be named said the legislation would, in theory, allow the introduction of systems like "Carnivore" - an internet monitoring device used by the FBI.

Carnivore does not "sniff" internet traffic indiscriminately but "decodes" the traffic looking for addresses it is programmed to search out. The FBI says it is used only if an ISP cannot satisfy a warrant.

It says the boxes are rarely placed on ISP backbones, but usually close to the servers they are designed to monitor and usually for no longer than a month at a time.

The security expert said most of the cost of making the networks interception-capable would involve putting systems in place to allow access to servers and network infrastructure quickly, and training ISP staff.