FROM PIPE MD BEVAN SLATTERY: It was 2:30am in my hotel room in Washington DC. I was busy finalising a presentation I was due to give in the next seven hours, and I was nervous. This was, without question, the single most important presentation I have made in my career.
If you want to land a cable into the United States or its territories such as Guam you need to get approval from the US Federal Communications Commission. However, before you get that you need to sign a security agreement with Team Telecom.
Team Telecom is the nickname given to the Executive Branch agencies that scrutinise all new applications to the FCC for serious infrastructure builds such as submarine cables.
Team Telecom is made up of Department of Defense, Department of Homeland Security, Department of Justice and the FBI. These people take national infrastructure seriously and this process is not for the weak-hearted. My presentation covered everything from the major shareholders of PPC-1 and PIPE entities, the country of origin of officers, equipment, suppliers, hardware, remote hands, security of facilities, interception issues, locations of our network operations centres and survivability of same in cases of certain events. This presentation followed a series of questionnaires. These questionnaires provided me with some of my most thought provoking ‘due diligence’ ever on infrastructure security controls.
About this time I received an email from my executive assistant in Australia with an urgent fax attached. The facsimile was from the The Hon. Senator Conroy’s office seeking us to voluntarily handover our information about our entire network for use in his planned open FTTN tender. I immediately contacted the relevant person within the Department and discussed a number of my concerns. In summarised form, the letter and conversation confirmed the following:
- The Department wanted PIPE Networks to ‘volunteer’ all our commercially sensitive network information to itself and, ultimately, to unknown parties. These parties may include, and are not limited to, possible competitors, other domestic and global carriers, global equipment vendors, investment bankers, consultants etcetra. The Department confirmed that, at this stage, it doesn't know who will have access, or indeed that we may ever be advised who will receive such copies.
- The information is being sought in a highly detailed and portable vector format without any security controls. The information is to be in a Mapinfo format which is unauditable and easily copied via any media from a USB key to forwarding via any free email account. The department had no response as to the security concerns other than ‘I understand, but we need it in that format.’
- Appropriate arrangements will be put in place to deal with any commercially sensitive information provided in response to this request.’ It is explained this arrangement will be by way of a non-disclosure deed which specifies the purpose for which the information is used. Discussions with the Department confirmed that PIPE Networks may not even be a party to the deed, despite the fact that this is our intellectual property. The deed may ultimately be between the Department and the user. No work has actually been performed on such a deed and, as such, one could not be provided to us. There is no understanding of penalties, warranties, destruction of records etcetera. We may have some input to the deed, however, there would be no guarantee of its format, nor that it will be acceptable to us. When asked why we could not be guaranteed to be notified of any party seeking the information, the response was ‘well then you would know who may be bidding and some people may not want you to know who they are.’
-
If PIPE Networks does not volunteer the information and in the format specified then 'in the event that voluntary agreement to provide the requested information is not forthcoming the Government has decided to put in place a legislative regime to enable the collection and disclosure of relevant information if that is necessary."
-
PIPE Networks was given three business days to agree to volunteer
And here is our dilemma. In seven hours I needed to demonstrate to US government agencies located at the B end of the cable that I am, indeed, a responsible network operator with the highest level of control of network infrastructure, access, personnel and information. Yet in three days, the Australian Government on the A end of the system is threatening legislative change unless I abandon those same principles.
I understand what is behind this and how this letter was well intended. However, the apparent lack of awareness of the many issues surrounding the various sensitivities of the network information being sought, the lack of consultation, lack of supporting documentation, lack of time for companies to appropriately discuss with the Department our concerns and an overall lack of framework can only result in one thing: the lack of a meaningful and satisfactory response.
Telstra’s management is completely justified in its position to withhold this information and immediately volunteer the network information being sought. In fact it's their responsibility as officers of a public company and as the owner and operator of critical infrastructure of national importance.
At the end of the day we will talk to the government to make sure our concerns are clearly understood, at which point, I would expect that we will be able to agree on a process to provide access to the requested information on a more secure and auditable manner, and with the necessary indemnities. Without this safeguard I am duty bound not to disclose this information as it has presently been requested. I would suspect that any proposed legislation as foreshadowed by the Department to compel carriers to hand this information over various external parties that did not include suitable security arrangements would be dimly viewed by other countries with which we have security arrangements with. But that’s for another day.