Updated: NZ government leaves cloud guidance unchanged after Aussie backdoor law

Updated: NZ government leaves cloud guidance unchanged after Aussie backdoor law

New Zealand Privacy Commissioner addresses issue with Reseller News

Privacy Commissioner John Edwards

Privacy Commissioner John Edwards

Credit: Supplied

The New Zealand government is leaving its guidance on cloud computing unchanged after Australia passed a controversial law giving authorities power to access network and cloud-based information.

The Department of Internal Affairs (DIA) said its initial assessment of the Australian Assistance and Access Act is that the government chief digital officer’s guidance on managing jurisdictional risks stands "as is".

"Australian government agencies still require warrants and notifications to access data from cloud providers, as is the case in other countries," the DIA said.

"In addition, while there has been some commentary in the media that this legislation require cloud providers to introduce weakened encryption, the practical consequences of implementing this have yet to be well understood.

"For these reasons we don’t see that anything has changed at this time, but we will be working through this in more detail as part of the planned refresh of the guidance on managing jurisdictional risks this year."

Among other provisions, the Act requires tech companies to provide law enforcement and security agencies with access to encrypted communications.

The bill, which was opposed by global tech and cloud giants, provides for fines of up to $10 million for institutions and prison terms for individuals for failing to hand over data linked to suspected illegal activities.

Opponents of the law charged it was vaguely worded and open to abuse and would require carriers and other providers to build tools, or backdoors, to deliver access to law enforcement and security agencies.

It also potentially threatens New Zealand government and private data held in Australian data centres operated on behalf of major cloud providers such as Amazon Web Services and Microsoft.

New Zealand Privacy Commissioner John Edwards told Reseller News government agencies’ adoption of offshore-based cloud services was supported by a number of Cabinet decisions and the government chief digital officer.

"It is for the Department of Internal Affairs to revise and update any guidance and recommendations in light of this new law," he said.

Agencies that have migrated to data centres in Australia should also do their own assessment of the risks, as the commissioner had done.

"My office migrated to Microsoft’s Azure service in late 2018, storing our data in Microsoft’s data centres in Sydney," Edwards said. "We have considered the impact of the change in Australian law and have formed the view that it does not materially affect our risk.

"We continue to be satisfied with our current arrangement, which has provided significant efficiencies and benefits to our business."

Lowndes Jordan partner and technology and privacy specialist Rick Shera said, while he hadn’t looked at the Australian provisions in detail, he wasn't sure the Australian law was much different from New Zealand's new Telecommunications Interception Capability and Security Act (TICSA) in terms of central government review and approval of infrastructure change by network providers and in terms of interception access.

"It seems to me that the position with respect to over the top providers remains unclear on both sides of the ditch," he said. "Particularly with respect to requirements to decrypt.  

"I can therefore understand DIA not wanting to depart from the status quo until there are some use cases under the new Australian legislation that they can assess."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments