Data laws: protecting society or invading privacy?
Business & Finance / ENN.ie
By Cian Ginty
Data retention measures currently include the logging and storing of data pertaining to phone calls and text messages, as well as location details from mobile phones, for up to 18 months.
A new EU directive, however, is to expand current rules to include holding e-mails and other internet traffic data for up to two years. The Gardai and the Defence Forces will be able to access this data without a court order or warrant.
While the Government has said it is not going to rush through the new rules, it has said it is eager to come in line with Europe. The Department of Justice claims data retention is needed to tackle crime and for the security of the State. A spokesman from the Department said the measures were needed for “the prevention, detection, investigation, or prosecution of crime and for the safeguarding of the security of the State.”
Irish internet service providers and civil rights groups suggest that these new blanket surveillance laws are unlikely to catch serous criminals, or terrorists. Strict take-up of the directive here could also harm Ireland Inc, they say.
The association of internet service providers in Ireland points out that those wanting to cover their digital footprints are unlikely to be caught. Internet Protocol (IP) addresses — a method of identifying internet users — can easily be blocked, or manipulated, or are often only temporarily assigned on a ‘session’ basis.
“The very people that you want to capture know exactly what they need to do to make sure any tracks they may leave are totally unreadable,” said Paul Durrant, general manager of the Internet Service Providers Association of Ireland (ISPAI).
“The European ISP association has always questioned the true effectiveness of data retention to tackle serious crime and terrorism for which it was it was brought in.”
The Department of Justice also claimed data retention constitutes a responsible and legitimate balancing of privacy and the need to protect people from crime and terrorism. This assertion is described as “nonsense” by Digital Rights Ireland, a group set up to protect civil rights in a digital age.
TJ McIntyre, chairman of DRI, said: “A system whereby everyone — judge, jurist or jailbird alike — has their communications and movements logged automatically, without any requirement for a warrant or any prior suspicion, cannot possibly be proportionate. This is especially so when we remember that the State has been pushing for this to be extended to the internet also.”
McIntyre says current and expanding retention laws will essentially lead to the creation of “digital dossiers” on every person in the country.
“This means the telecommunications and movements of every person in the State must be tracked and logged by the telecommunication firms and kept for three years. Even Orwell didn’t dream of surveillance this intrusive.”
DRI and the ISPAI also repetitively speak of their concerns that the law will be used in the cases of minor crimes and for so-called “fishing expeditions”, where a wide net is cast for large amounts of data with the hope of finding significant information.
“The Data Protection Commissioner has revealed that there were approximately 10,000 requests for this information last year. This is not the sign of legislation being used sparingly and proportionately,” said McIntyre.
Critically for ISPs, it is they that will have to foot the bill to log and store all this extra data. “It has been made quite clear to us that data retention is not being funded by the Government, it is a business cost to us. And we have pointed this out to the public when trying to raise greater concern about this law before it was passed at European level. ISPs and telecom companies are commercial organisations and therefore we have to pass this cost on to the consumer,” explains Durrant.
There will be three areas of cost for ISPs: the initial set-up including equipment and software, the costs of maintaining and keeping the data secure, and the costs surrounding servicing data requests.
While the full costs are still unknown the ISPAI says that their French counterpart has estimated that large European service providers could see costs spiral to reach into the millions.
For now, ISPs in Ireland remain uncertain as to what’s required of them as the directive is open to interpretation by member states when transposing it into national law.
“The terminology is rather vague from a technology perspective and so therefore it’s very difficulty to know exactly what the expectations should be in terms of what should be retained by whom and under what circumstances,” explained Durrant. “The whole point of Europe getting involved was to have harmonisation, yet as you can interpret this one hundred and one different ways it doesn’t say much for the harmonisation that’s going to happen across Europe.”
He warns that this indecisiveness is one of their largest concerns as it could place Ireland at a disadvantage compared to other countries competing against us for much-valued foreign direct investment.
“It’s a very real threat to Ireland Inc; it could become a criterion in people’s location decisions and this is something we have tried to bring to the Government’s attention in the past. I don’t want to start being alarmist but it is a reality that the Government needs to think long and carefully about.”