https://www.arnnet.com.au/article/678599/australian-backdoor-law-forces-cloud-rethink-new-zealand-parliament
> By Rob O'Neill (New Zealand Reseller News) 22 April, 2020 05:00 > > > An Office 365 roll-out at Parliament has faltered due to concerns about > security and data sovereignty while complexity appears to have scuppered a > Sharepoint-based rebuild of the New Zealand charities register. > > The Parliamentary Services roll-out was paused in March 2019 to accommodate a > reassessment of the final stage migration to cloud-based versions of > Microsoft 365, a report to Parliament revealed. > > Parliamentary Services told Reseller News the concerns related to the passage > of the Telecommunications (Assistance and Access) Act in Australia -- the > so-called "backdoor" law. > > Among other provisions, the new law required tech companies to provide law > enforcement and security agencies with access to encrypted communications. > > The law, which was opposed by global tech and cloud giants, provided for > fines of up to A$10 million for institutions and prison terms for individuals > for failing to hand over data linked to suspected illegal activities. > > Opponents charged it was vaguely worded and open to abuse and would require > carriers and other providers to build tools, or backdoors, to deliver access > to law enforcement and security agencies. > > A Parliamentary Services spokesperson said the Office 365 project had three > objectives: to review the current state of the network design and > infrastructure to prepare for future cloud adoption; to implement "cloud > ready" identity and access management and other security tools, and to > migrate users from on-premises Microsoft Office to Microsoft Exchange Online > and Office 365 hosted from cloud availability zones in Australia. > > The work packages for the first two objectives were completed successfully, > the spokesperson said. > > However, during the business change management for the third item in late > 2018, stakeholders raised concerns around Australia's new law and the legal > protection of New Zealand parliamentary privilege. > > The adoption of Office 365 was paused until further work could be done to > quantify and mitigate those risks. > > Spending on the project to March 2019 was $677,149, slightly below the > project's overall estimated budget of $700,000. > > > Further work has since been done to clarify the legal issues and > jurisdictional risks involved, and to work with stakeholders to identify > possible mitigations. > > "The migration to Office 365 currently sits on the list of candidate projects > for the upcoming financial year, awaiting business prioritisation," the > spokesperson said. > > "There was little impact to the budget [because] much of the spending was on > the foundational network and security improvements, which have paid dividends > independent of Office 365." > > At the Charities Commission, a business group of the Department of Internal > Affairs (DIA), a combination of Microsoft’s Windows Server (SQL server), > Sharepoint, Dynamics and .Net software is used to store documents and to > administer the Charities Register. > > The register system delivers an online account for charities to file annual > returns and to update charity information and a public register on the > commission's website. > > The rebuild, dubbed the "Fit For Future" project, was designed to keep the > charities register in a supported environment by upgrading servers and moving > to the cloud. > > However, the complexity of the move to cloud services was underestimated at > the outset of the project, DIA said in response to an Official Information > Act query. > > "Instead we decided to upgrade key components of the system in place to > ensure the ongoing security of the system in the short to medium term, and to > leverage at a later date the other larger projects in the Department > exploring cloud solutions," DIA said. > > DIA's annual review by Parliament in March noted that the $1.1 million Fit > for Future project had been delayed by 25 months. > > "The department has decided that it needs to change the direction of the ICT > system," it said. > > "The project will be closed in the 2019/20 financial year. This will be > followed by a business case for another Fit for Futures Charities project to > be initiated under a new name." > > Planning around the project, to be called Piki Kotuku, is now on hold due to > Covid-19. -- Kim Holburn IT Network & Security Consultant T: +61 2 61402408 M: +61 404072753 mailto:[email protected] aim://kimholburn skype://kholburn - PGP Public Key on request _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
