[LINK] Australian 'backdoor law' forces a cloud rethink at New Zealand's Parliament

Kim Holburn kim at holburn.net
Wed Apr 22 11:06:16 AEST 2020


https://www.arnnet.com.au/article/678599/australian-backdoor-law-forces-cloud-rethink-new-zealand-parliament


> By Rob O'Neill (New Zealand Reseller News) 22 April, 2020 05:00
> 

> 
> An Office 365 roll-out at Parliament has faltered due to concerns about security and data sovereignty while complexity appears to have scuppered a Sharepoint-based rebuild of the New Zealand charities register.
> 
> The Parliamentary Services roll-out was paused in March 2019 to accommodate a reassessment of the final stage migration to cloud-based versions of Microsoft 365, a report to Parliament revealed.
> 
> Parliamentary Services told Reseller News the concerns related to the passage of the Telecommunications (Assistance and Access) Act in Australia -- the so-called "backdoor" law.
> 
> Among other provisions, the new law required tech companies to provide law enforcement and security agencies with access to encrypted communications.
> 
> The law, which was opposed by global tech and cloud giants, provided for fines of up to A$10 million for institutions and prison terms for individuals for failing to hand over data linked to suspected illegal activities.
> 
> Opponents charged it was vaguely worded and open to abuse and would require carriers and other providers to build tools, or backdoors, to deliver access to law enforcement and security agencies.
> 
> A Parliamentary Services spokesperson said the Office 365 project had three objectives: to review the current state of the network design and infrastructure to prepare for future cloud adoption; to implement "cloud ready" identity and access management and other security tools, and to migrate users from on-premises Microsoft Office to Microsoft Exchange Online and Office 365 hosted from cloud availability zones in Australia.
> 
> The work packages for the first two objectives were completed successfully, the spokesperson said. 
> 
> However, during the business change management for the third item in late 2018, stakeholders raised concerns around Australia's new law and the legal protection of New Zealand parliamentary privilege. 
> 
> The adoption of Office 365 was paused until further work could be done to quantify and mitigate those risks.
> 
> Spending on the project to March 2019 was $677,149, slightly below the project's overall estimated budget of $700,000.
> 
> 
> Further work has since been done to clarify the legal issues and jurisdictional risks involved, and to work with stakeholders to identify possible mitigations.
> 
> "The migration to Office 365 currently sits on the list of candidate projects for the upcoming financial year, awaiting business prioritisation," the spokesperson said.
> 
> "There was little impact to the budget [because] much of the spending was on the foundational network and security improvements, which have paid dividends independent of Office 365."
> 
> At the Charities Commission, a business group of the Department of Internal Affairs (DIA), a combination of Microsoft’s Windows Server (SQL server), Sharepoint, Dynamics and .Net software is used to store documents and to administer the Charities Register.
> 
> The register system delivers an online account for charities to file annual returns and to update charity information and a public register on the commission's website. 

> 
> The rebuild, dubbed the "Fit For Future" project, was designed to keep the charities register in a supported environment by upgrading servers and moving to the cloud.
> 
> However, the complexity of the move to cloud services was underestimated at the outset of the project, DIA said in response to an Official Information Act query.
> 
> "Instead we decided to upgrade key components of the system in place to ensure the ongoing security of the system in the short to medium term, and to leverage at a later date the other larger projects in the Department exploring cloud solutions," DIA said.
> 
> DIA's annual review by Parliament in March noted that the $1.1 million Fit for Future project had been delayed by 25 months. 
> 
> "The department has decided that it needs to change the direction of the ICT system," it said. 
> 
> "The project will be closed in the 2019/20 financial year. This will be followed by a business case for another Fit for Futures Charities project to be initiated under a new name."
> 
> Planning around the project, to be called Piki Kotuku, is now on hold due to Covid-19.


-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request





More information about the Link mailing list