`
File No. DOIA 2223-0790
27 October 2022
AS Van Wey
[FYI request #20867 email]
Dear AS Van Wey
Thank you for your email of 16 October 2022 to the Ministry of Business, Innovation and Employment
(the Ministry) requesting the following under the Official Information Act 1982 (the Act):
I am writing to request a complete list of Registered Network Providers, as defined under the
Telecommunications (Interception Capability and Security) Act 2013. If possible, I respectfully
request, that the information be provided as fol ows.
(1) Complete list of Registered Network Providers who have full interception capability, as
defined under sections 3, 9 and 10 of the Act; and
(2) Complete list of Registered Network Providers who have Lower-level compliance duties; and
(3) List of Government Agencies or State-Owned Enterprises that must be compliant with the
Act, whether they have registered or not.
On page 8 of the Te koke ki tētahi Rautaki Matihiko mō Aotearoa Towards a Digital Strategy for
Aotearoa report, it states that CERT NZ reported they had received 125 complaints of
"unauthorized Access" and 203 compliant as "other".
(4) Of the 125 reports of "unauthorized access", I respectfully request the copies of the reports in
which the person to have allegedly gained "unauthorized access" was a government employee.
To protect victim, and reputation of the alleged offender, I do request that information which is
considered personal identification information (e.g., names of individuals or personal
identification numbers) be redacted. However, I respectfully request that the names of the
government agency of the alleged "unauthorized access" remain visible.
(5) For each of the above, I also request the information on what steps you took to investigate
these alleged breaches and to protect and secure the data which was alleged to have been
accessed without authority.
(6) I would like to amend my earlier request to also include copies of all direction and regulations
issued under the Telecommunications (Interception Capability and Security) Act 2013, if any
exist.
(7) I also ask for a list of network providers or class of network providers who have been granted
an exemption from any or all of the requirements under this Act.
This letter is to notify you that the Ministry is transferring parts 1, 2, 3, 6 and 7 of your request to
New Zealand Police, in accordance with section 14 of the Act. This transfer is occurring because the
Ministry believes that the information requested is more closely aligned with the functions of New
Zealand Police.
On 26 October the Ministry contacted you to seek clarification on parts 4 and 5 of your request. The
Ministry will respond to parts 4 and 5 of your request in due course and once clarification is received.
Te Whakatairanga Service Delivery
15 Stout Street, PO Box 1473, Wel ington 6140 New Zealand
E [email address]
T +64 4 472 0030
W www.mbie.govt.nz
You have the right under section 28(3) of the Act to seek an investigation and review by the
Ombudsman of my decision to transfer your request. The relevant details can be found at:
www.ombudsman.parliament.nz
Yours sincerely
Deborah Salter
Manager, Communications Policy
Digital, Communications and Transformation