Yesterday it was a HSE laptop with sensitive financial information on the public. (Don’t forget the HSE has form - with multiple data losses just last year - and has now shown that it has broken its promise to encrypt all laptops containing sensitive personal information.)
We’ve been banging on about this for a while, but it’s worth repeating that in light of these fiascos, a law to warn you that your data has been stolen is long overdue:
At the moment, there is no legal obligation on a body which loses your personal information to notify you. This means that individuals may be unaware that sensitive information such as medical histories or financial records has been lost. It may be, for example, that the first you learn about it is when you go to the ATM and find that your account has been emptied.
What’s being done on this front at the moment? The Minister for Justice has kicked this issue to touch for the time being, setting up a working group to consider whether mandatory reporting should be introduced - and we’ve made submissions to that group. But if you want to see action taken sooner rather than later, now would be a good time to let your TDs (firstname.surname@oireachtas.ie) and MEPs (contact details here) know that you support a right to be warned when your data has been stolen.
Perhaps most importantly, you might want to ask yourself this question - if this is what happens to your financial information, what can you expect to happen to your email and web information if the government is allowed to continue with its plans for data retention?
You might have noticed that we think that Irish data retention laws are an invasion of our privacy. Unfortunately Irish law on interception of communications also fails to protect our privacy - and for that reason we’ve lodged a formal complaint with the European Commission, pointing out that Irish law doesn’t meet European standards and asking that they require the Irish government to introduce adequate protections. Read on for more details and to see what you can do to help.
What’s the difference between data retention and interception? While data retention focuses on traffic data - who called whom, when, where the mobile phone was, etc. - interception deals with attempts by the state or private parties to monitor the contents of communications - to listen in on telephone calls, read emails, and so on.
Interception is controlled to a limited extent by Irish law - under legislation from 1983 and a 1993 Act introduced after a scandal involving the Taoiseach and Minister for Justice illegally tapping journalists’ phones - but that law is now well out of date, and doesn’t meet the standards set out by European law in the 2002 e-Privacy Directive.
What’s wrong with the existing Irish law? There are two major limitations. First, it was introduced at a time when there were a limited number of players in the telecommunications market. As such, it applied initially to Telecom Éireann, and was extended to certain telecoms businesses operating under a licence or a general authorisation. It does not, however, apply to other businesses which don’t need an authorisation - which includes most online only businesses. Webmail, instant messaging or voice over IP, for example, would not be protected by the 1993 Act. Secondly, it applies only to messages which are “being transmitted” - something which appears to mean that e.g. the contents of a webmail inbox would not be protected.
As a result of these limitations, the protections of the 1983 and 1993 Acts - which make interception a criminal offence, require a warrant from the Minister for Justice before interception can be carried out by the police, and provide for judicial oversight - simply do not apply to a wide range of online communications. This lack of legislative control appears to be a relatively clear breach of the e-Privacy Directive, which requires states to “prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the users concerned, except when legally authorised to do so … [by] legislative measures [which are] necessary, appropriate and proportionate within a democratic society”.
In short, we think that Irish law doesn’t adequately protect the privacy of your online communications - and hopefully the European Commission will require the Government to introduce adequate protections. If you agree, you can support the complaint by contacting the Minister for Justice (Email: minister@justice.ie, Fax: 01 661-5461, Snail Mail: 94 St. Stephen’s Green, Dublin 2) and asking him to extend Irish interception law to adequately protect online communications and meet our European obligations. You can also email the Commission at InfsoB2@ec.europa.eu, referring to our complaint and indicating that you are also making a formal complaint that Irish law on the interception of communications is not in compliance with Art. 5 of the ePrivacy Directive.
For those of you who can’t get enough legalese, the full text of our complaint is below: (more…)
Good news from our friends in the German Working Group against Data Retention:
As the first German court, the Administrative Court of Wiesbaden has found the blanket recording of the entire population’s telephone, mobile phone, e-mail and Internet usage (known as data retention) disproportionate.
The decision published today by the Working Group on Data Retention (decision of 27.02.2009, file 6 K 1045/08.WI) reads: “The court is of the opinion that data retention violates the fundamental right to privacy. It is not necessary in a democratic society. The individual does not provoke the interference but can be intimidated by the risks of abuse and the feeling of being under surveillance [...] The directive [on data retention] does not respect the principle of proportionality guaranteed in Article 8 ECHR, which is why it is invalid.”
The Working Group on Data Retention which has initiated a class action of over 34,000 citizens against the total logging of the entire population’s communications and movements welcomes the court decision very much. It calls on social democrats and christian democrats to reject the latest government project to allow Internet service providers to record everybody’s Internet surfing habits.
“We call on all citizens to contact their MPs now in order to protest against the proposed retention of web surfing habits,” says Werner Hülsmann, member of the board of the forum of computer scientists for peace and social responsibility and actively working in the Working Group on Data Retention. To stop the project, which the Bundestag will debate on Thursday in the first reading, the Working Group on Data Retention has set up a campaign page on the Internet. In early March, the Federal Council of Germany (Bundesrat) also warned that the proposed “storage of all Internet usage data without a specific cause or with blanket coverage [...] violates” the Constitution.
“The recent criticism by Federal Minister of the Interior Wolfgang Schäuble (CDU) of the Constitutional Court’s preliminary decision on data retention proves that his surveillance mania is limitless”, criticizes Patrick Breyer of the Working Group on Data Retention. “It is not ‘a matter for the legislature’ to keep eroding our constitutional guarantees protecting us from errors and abuses by the authorities. We urgently need to establish a Fundamental Rights Agency to have all existing powers and programs of the security authorities systematically and scientifically reviewed as to their effectiveness, cost, adverse effects, alternatives and compatibility with our fundamental rights.”
Granted, this isn’t the end of the matter in Germany. It’s a decision of one court but may be appealed, while the highest court in Germany (the Constitutional Court) has yet to make a final ruling. It is, however, a very encouraging sign - particularly as the Constitutional Court has already indicated a provisional view that data retention may be invalid. It’s also very helpful for our own case with its finding that data retention is disproportionate and unnecessary.
Looks like we got it wrong. When we wrote about the deal between Eircom and the music industry we believed (as the early reports seemed to say) that it only involved a “three strikes” system and that the daft notion of internet filtering was off the table. But the nastygrams sent to the other ISPs have now been leaked (thanks Michele) so that we can now see just what was agreed with Eircom and what the music industry is demanding that other ISPs do - and filtering is still on the table:
Leave aside for a moment the nonsense of sending this letter to a business - Blacknight - which doesn’t in fact provide internet access. The key words are these:
Eircom has agreed that it will not oppose any application our client may make seeking the blocking of access from their network to the Pirate Bay or similar websites …
Please confirm that Blacknight will also work with the record industry to end the abuse of the internet by peer to peer infringers … in the event of a positive response to this letter it is proposed to make practical arrangements with Blacknight of a like nature to those made with eircom.
Irma is drawing up a list of websites it doesn’t like and Eircom will block them to all of its customers. And Irma is demanding that other ISPs do likewise, on pain of being sued.
Eircom says that it will only block a website if a court order requests it to. But it has undertaken not to oppose any application to a court… Our judicial system is an adversarial one: it depends on someone opposing the action for a judge to come to a conclusion. If the opposing party enters no opposition, a basic standard of proof will be enough to satisfy the court.
The net effect of this scheme, if it is allowed to go into effect, will be to impose an internet death penalty on two groups. On users, who will be cut off on the allegation of a private body, with no court involvement, and on websites, which could be blocked to Irish users based on a court hearing where only one side is heard. Damien Mulley makes the point well as usual:
So first they’ll start with the Pirate Bay. Then comes Mininova, IsoHunt, then comes YouTube (they have dodgy stuff, right?), how long before we have Boards.ie because someone quoted a newspaper article or a section of a book? And don’t think they’ll stop there too, any site that links to The Pirate Bay and the others on the hate list will probably be added to the list too…
I’m sure the business case for eircom was they didn’t want any more costly High Court actions with McDowell biting at their legs on the command of the music industry but this is going to open up a can of worms with IRMA demanding more and more attacks on how people surf the net, this is what it is in my view an attack on our freedom to read, our freedom to write, our freedom to move around the web. All so a very rich but rapidly becoming poor group of luddites can feel better for seeing the future and trying to fight it.
And of course the costs of communications with IRMA and of the filtering is going to be passed on to the consumer. The cost of blocking a single site will be almost nothing I suppose but as more sites get added and as the arms race between the pirates and the ISPs escalates, then it’ll become complicated and complicated costs more. So again the majority get to pay…
So what can you do about this? The first step is the most urgent. The other ISPs are at this very moment considering what steps to take. Although some (such as Bitbuzz) have been vocal in their opposition, caving in is the path of least resistance unless you show that this is an issue which matters to you and which determines where you’ll take your business. Contact your ISP - mark your email for the attention of their regulatory department - and let them know what you think. Contact emails for most ISPs are on the ISPAI website. Do it now - the decision on what to do will be made soon.
The next thing to do is to get involved with a group which will fight this. We’re currently working on a few ideas and will let you know soon. But in the meantime you should go to Blackout Ireland who have been quick off the mark with a plan to black out the Irish internet for a week from March 5th. The Digital Rights forum on Boards.ie has also been abuzz with this issue, as has this thread on their Broadband forum.
Having done that, let the Minister for Communications - Eamon Ryan - know the damage that this is likely to cause. Don’t just rely on the civil rights arguments - business impact is more likely to get attention. Point out that if ISPs are forced to become the (unpaid!) copyright cops of the music industry, it will drive up their costs and set a dangerous precedent for other Irish internet businesses. Would you choose to establish an internet start up in Ireland if you thought you’d be made responsible for policing what your users do? Ask him to intervene to prevent irreparable damage to the Irish internet. Eamon Ryan’s email addresses are eamon.ryan@oireachtas.ie and minister@dcenr.gov.ie but a paper letter (Department of Communications, Energy and Natural Resources, 29-31 Adelaide Road, Dublin 2) or fax ((01) 678 2029 or 2039) are more likely to get attention. You can also ring the Minister’s office on (01) 678 9807 - if you do, be polite and succinct. If you’re a constituent of his (in Dublin South) be sure to mention that fact and that this issue will influence how you vote in the next election.
You might have noticed Karlin Lillington’s story in the Irish Times today about the Department of Justice’s new proposals on data retention. To make a long story short, it turns out that the Attorney General was not impressed with its remarkable plans to change the law to extend surveillance on every citizen in Ireland via a ministerial order - sidestepping the need for the Oireachtas to review these changes. Having been rebuffed on this issue, the Department of Justice has now decided to proceed (as it should have done to begin with) via primary legislation.
An improvement for transparency? It would be, if Justice lived up to their past promises to hold an open consultation process. But they haven’t. Their website still claims that the Directive will be transposed via a statutory instrument - notwithstanding the fact that they have prepared a draft Bill which they have been circulating to industry groups. Nor are they willing to show the draft Bill to the public - consultation for Justice appears to mean a secret process controlled by them and excluding citizens.
We’ve contacted Justice for their comments. In the meantime, we think that the public should have the same right to see the draft Bill as industry insiders, so here’s a copy of what we understand is the latest draft: COMMUNICATIONS (RETENTION OF DATA) BILL 2009
The European Court of Justice has given its decision today in the Irish Government challenge to the Data Retention Directive - Ireland v. Parliament and Council (Press Release | Judgment). Unsurprisingly (in light of the Advocate General’s Opinion) it has held that the directive was properly adopted as an internal market measure (by qualified majority voting) rather than as a criminal matter (requiring unanimity). Where does this leave us and our case?
While it’s a pity to see the Directive upheld, the Government’s challenge was a very narrow one, dealing only with the essentially technical matter of the legal basis for the Directive. The Government didn’t raise and the ECJ wasn’t asked to decide on the fundamental rights issues. Indeed it expressly stated:
The Court notes at the outset that the action brought by Ireland relates solely to the choice of legal basis and not to any possible infringement by the directive of fundamental rights resulting from interference with the exercise of the right to privacy.
Consequently, the decision doesn’t affect the core of our challenge to the Directive, which will still go ahead on the basis that it infringes the rights to privacy and freedom of expression. At the moment we’re waiting on a decision from the High Court on our application to refer these issues to the ECJ - we’re confident that when these issues reach the ECJ that they will decide in our favour.
The internet is abuzz (Irish Times | EFF | ars technica | Boing Boing) with the news that Eircom and the record labels have reached an out of court settlement in which Eircom has agreed to implement a “three strikes” regime for disconnecting people accused of filesharing. In return, the music industry has dropped its demand that Eircom apply a filtering system to its network.
It’s undoubtedly a good thing that the idea of filtering has (at least for the time being) been dropped - and in case you’ve forgotten, here’s why it’s a bad idea. But this new three strikes system has the potential to be just as bad. Why?
It’s unreliable. The company which the Irish music industry used in previous cases to identify filesharers - MediaSentry - has a track record of false accusations and in fact was recently found to be operating illegally in several US states. As a result the music industry has now dumped MediaSentry and has turned to Danish firm Dtecnet - but the inherent unreliability of this process remains.
It’s secret. We normally expect rules to be made in public, to be accessible to citizens and to be applied publicly. In this case, though, the settlement is private to the parties and we don’t know how it will be implemented by Eircom. Do you expect the right to challenge evidence in court? Perhaps a right to appeal? Tough. On the face of it the music industry and Eircom will between them act as judge, jury and executioner.
It’s undemocratic. The European Parliament has already rejected a similar plan to disconnect individuals based on mere accusations. In other countries where three strikes has been discussed there has been public input via legislatures and public consultation. (And in the UK the democratic process led to three strikes being shelved.) Here, however, the music industry is trying to foist the system onto ISPs while sidelining the Oireachtas and the democratic process.
It’s disproportionate. Daithi makes this point well:
The present-day Internet includes communication (email), socialising (IM, social networking etc), media consumption (websites, blog, streaming, etc), media creation (ditto), access to Government services, online commerce, etc. Now imagine that the sanction for a, let’s face it, relatively minor crime (copyright infringement, while economically significant, is hardly manslaughter), includes no use of the postal services, highly limited access to shops, no permission to read a newspaper, reduced ability to use public services or get public information, and more. That’s no minor sanction. Indeed, most prisoners can get things like reading material and send and receive letters! Not to mention that a Net disconnection has an impact on family members and others.
It will affect innocent third parties. Internet connections are not generally unique to an individual. Instead they’re shared - amongst families, flatmates, etc. But this system will mean that others will suffer based on the alleged wrongdoing of another. As the Open Rights Group points out:
if Dad gets the connection cut off … suddenly Mum can’t run her business from home, and the kids can’t get access to the Web to do their homework.
The European Parliament is currently considering proposals that would dramatically increase - close to doubling - the length of copyright in music recordings. We’d like you to tell your MEP to vote no.
Why are these proposals being pushed? Because copyright in many classic recordings from the 50s and early 60s is about to expire, making them part of the public domain.
What would the effect of the proposals be? The result would be to lock up those recordings for a further 45 years, depriving the public of the ability to reissue and rework those recordings. The outcome will be to benefit the music industry and to injure the public interest. But you don’t have to take our word for it. Here’s what the leading experts in copyright throughout Europe had to say:
Copyright extension is the enemy of innovation
Sir, Europe’s recorded music was about to experience a wave of innovation. For the first time, a major set of culturally important artefacts was to enter the public domain: the sound recordings of the 1950s and 1960s. Apparently not so. If the European Commission has its way, re-releases and reworkings of recorded sounds will remain at the mercy of right owners for another 45 years. Why?
The record industry succeeded to supply the Commission with evidence that was not opened to public scrutiny: evidence that claims that consumer prices will not rise, that performing artists will earn more, and that the record industry will invest in discovering new talents, as if exclusive rights for 50 years had not provided an opportunity to earn returns.
The Commission’s explanatory memorandum states: “There was no need for external expertise.” Yet, independent external expertise exists. Unanimously, the European centres for intellectual property research have opposed the proposal. The empirical evidence has been summarised succinctly in at least three studies: the Cambridge Study for the UK Gowers Review of 2006; a study conducted by the Amsterdam Institute for Information Law for the Commission itself (2006); and the Bournemouth University statement signed by 50 leading academics in June 2008.
The simple truth is that copyright extension benefits most those who already hold rights. It benefits incumbent holders of major back-catalogues, be they record companies, ageing rock stars or, increasingly, artists’ estates. It does nothing for innovation and creativity. The proposed Term Extension Directive undermines the credibility of the copyright system. It will further alienate a younger generation that, justifiably, fails to see a principled basis.
Many of us sympathise with the financial difficulties that aspiring performers face. However, measures to benefit performers would look rather different. They would target unreasonably exploitative contracts during the existing term, and evaluate remuneration during the performer’s lifetime, not 95 years.
We call on politicians of all parties to examine the case presented to them by right holders in the light of independent evidence.
Professor Lionel Bently, Director, Centre for Intellectual Property and Information Law, University of Cambridge; Professor Pierre-Jean Benghozi, Chair in Innovation and Regulation in Digital Services; Director, Research in Economics and Management, Ecole polytechnique, CNRS 1, Paris; Professor Michael Blakeney, Co-Director, Queen Mary Intellectual Property Research Institute, University of London; Professor Nicholas Cook, Director, AHRC Research Centre for the History and Analysis of Recorded Music, Royal Holloway, University of London; Professor Dr. Thomas Dreier, Director, Centre for Information Law, Universität Karlsruhe, Karlsruhe Institute of Technology; Professor Dr Josef Drexl, Director, Max-Planck-Institute for Intellectual Property, Munich; Dr Christophe Geiger, Associate Professor and Director elect, Centre for International Industrial Property Studies (CEIPI), University of Strasbourg; Professor Johanna Gibson, Co-Director, Queen Mary Intellectual Property Research Centre, University of London; Professor Dr Reto Hilty, Director, Max-Planck-Institute for Intellectual Property, Munich; Professor Dr Thomas Hoeren, Director, Institute for Information, Telecommunications- and Media Law, Münster University; Professor Bernt Hugenholtz, Director, Institute for Information Law, University of Amsterdam; Professor John Kay, Chair, British Academy Copyright Review; Professor Martin Kretschmer, Director, Centre for Intellectual Property Policy & Management, Bournemouth University; Professor Dr Annette Kur, Max-Planck-Institute for Intellectual Property, Munich; Professor Hector MacQueen, Co-Director, SCRIPT/AHRC Centre Intellectual Property & Technology Law, University of Edinburgh; Professor Ruth Towse, Professor of the Economics of Creative Industries, Erasmus University Rotterdam and Bournemouth University; Professor Charlotte Waelde, Co-Director, SCRIPT/AHRC Centre Intellectual Property & Technology Law, University of Edinburgh
OK, I’m convinced. What can I do to oppose this? The people to contact are the MEPs for your constituency. A full list (with contact details) is here.
So what should I say when contacting them? A petition against these changes has been organised by (amongst others) the UK Open Rights Group and EDRI . You might like to use the text of that petition (slightly modified):
Dear …
I am a constituent of yours in … and the question of copyright is important to me.
The European Parliament is being asked to nearly double the term of copyright afforded to sound recordings. Industry lobbyists suggest that extending copyright term will help increase the welfare of performers and session musicians. But the Term Extension Directive, which will be voted on by the Legal Affairs Committee in a few weeks’ time, will do no such thing. Instead it will hand millions of euros over to the world’s four major record labels, money that will come direct from the pockets of European consumers. The majority (80%) of recording artists will receive between €0.50 - €26 a year.
Helping poor recording artists is a commendable aim. But the Term Extension Directive insults these good intentions. Andrew Gowers, former editor of the Financial Times, who conducted an independent review into the intellectual property framework for the UK Government in 2006, has called it out of tune with reality. Professor Bernt Hugenholtz, who advises the European Commission on intellectual property issues, has called it a deliberate attempt on behalf of the Commission to mislead Europe’s Parliament. If passed, the Term Extension Directive will have serious consequences for Europe’s IP policy.
* Any extension of copyright term will take money directly from consumers’ pockets. It will also consign a large part of Europe’s cultural heritage to a commercial vacuum.
* Europe’s leading IP research centres have clearly shown the proposal does not do what it purports to do - help the poorest performers. It is simply a windfall for the owners of large back catalogues and the top earning performers.
* The proposal will undermine public respect for copyright law and introduce an unworkable and unproven framework for copyright, at the very time when Europe’s copyright framework needs to be at its most robust.
I therefore ask you to vote to reject this directive.
Karlin Lillington has an interesting story in today’s Irish Times on recent UK developments in surveillance and what they might mean for Ireland. Here’s an excerpt:
NET RESULTS: When it comes to abuse of privacy, where Britain goes, Ireland tends to follow. That’s why we should be worried - very worried - about developments across the Irish Sea that emerged as the year rolled over into 2009, writes Karlin Lillington.
First came a New Year’s Eve story in the Guardian that home secretary Jacqui Smith will propose the creation of a single giant communications database and the option of outsourcing the storage of all the personal details held under the UK’s data retention regime to a private firm.
That means potentially that a single repository - a massive, national communications database - would hold all the details about, though not the content of, everyone’s e-mails, phone calls, faxes, text messages and internet use.
The same array of data is retained in Ireland as well, though at the moment, as is the case in Britain, data is retained by the communications providers, not in a central database.
Gathering such a spread of private information into a single database would create a “hellhouse” of personal private data that would not only be vulnerable to security breaches on a massive scale but would prove too great a temptation for law enforcement, according to Britain’s former director of public prosecutions, Sir Ken McDonald.
McDonald was scathing in his criticism of the idea. “Authorisations for access might be written into statute,” he told the Guardian. “But none of this means anything. All history tells us that assurances like these are worthless in the long run. In the first security crisis, the locks would loosen.”
While “security” would be cited as the main impetus for such a database, “the notion of total security is a paranoid fantasy that would destroy everything that makes living worthwhile” and bring an “ugly future”, he said.
One of the areas she points out - remote searches or the ability of the police to remotely hack into your computer to find evidence or monitor your activity - will certainly be one of the big issues of 2009. While Irish law doesn’t currently deal with this issue, there are moves at EU level to encourage (and possibly eventually require) all member states to allow remote searches. This becomes more worrying when combined with a growing law enforcement desire to be able to conduct “remote cross border searches” - that is, for the police in country A to be able to hack into a computer in country B. This strategy - also known as “chasing bits across borders” presents its own problems for privacy and especially accountability.
Last week the Cabinet approved the heads of a Surveillance Bill which, if enacted, will allow Gardaí to break into private property to place covert video cameras and audio bugs, and to use evidence gathered in that way in criminal prosecutions. The Bill – which was already on the legislative programme but was rushed forward after the murder in Limerick of Shane Geoghegan – is intended to place existing Garda practices on a statutory basis in line with Ireland’s obligations under the European Convention on Human Rights.
At the moment, due to the lack of statutory controls, material gathered in this way (such as transcripts of conversations) can be used for intelligence purposes but would not be admissible in criminal trials. The Bill aims to remedy this by providing that Gardaí will have to obtain authorisation from a District Court judge before this type of surveillance can be carried out (except in cases of exceptional urgency) and that a designated judge of the High Court will keep the overall operation of the system under review. In addition, these methods can only be used in respect of crimes carrying a possible sentence of at least five years imprisonment and where the surveillance is, in all the circumstances, proportionate.
The Bill promises to regularise the law in this area and to that extent must be welcomed. It is unfortunate, however, that it took a high profile and tragic murder before this was given priority. As far back as 1996 the Law Reform Commission in a Consultation Paper identified a need for reform and in a 1998 Report it recommended that there should be a legal basis for Garda surveillance of this type. Successive Ministers for Justice have, however, largely ignored this recommendation. (The most remarkable example being in 2006 when the Privacy Bill introduced by then Minister for Justice Michael McDowell targeted surveillance by the media – but entirely excluded Garda surveillance from its scope.) In light of over a decade of government inactivity, the Bill is long overdue.
The timing of the Bill aside, its provisions generally represent a substantial step forward. It has clearly been influenced by the constitutional guarantee of the inviolability of the dwelling and the safeguards which it provides are more robust than those recommended by the Law Reform Commission. It introduces for the first time in Irish law the principle that judicial approval should be required before surveillance is carried out. Unlike other forms of surveillance such as data retention – which currently can be used in respect of even the most minor crimes – the Bill is limited to genuinely serious offences and also introduces a requirement that the surveillance must be proportionate having regard to the impact on the rights of innocent third parties.
There are of course some aspects of the Bill which could be improved. For example, the procedure to deal with cases of exceptional urgency is too lax. Under the Bill as it stands those cases would bypass the judicial process entirely, so that surveillance could take place for up to 14 days without any authorisation. There must be a question mark as to whether this provision would be constitutional if it was used to break into and bug a dwelling. Instead, it would be preferable to deal with cases of urgency by permitting Gardaí to commence surveillance without a judicial authorisation but then requiring that an application be made to the District Court for permission to continue the surveillance.
However, while the Bill is generally good as far as it goes, there is a strong argument to be made that it doesn’t go nearly far enough.
Despite its broad title, it addresses only one very narrow area – the covert surveillance of locations by devices which are physically planted in those locations. Many other forms of surveillance – such as the use of GPS devices to track the position of cars, the use of long range cameras and microphones to monitor locations from a distance and live monitoring of internet activity – will still be entirely unregulated. As a result there will continue to be doubt as to whether Gardaí have the power to use these types of surveillance and as to whether the resulting evidence can be used in criminal prosecutions.
Meanwhile, although there is some legislation regulating other forms of surveillance such as the interception of communications, data retention and Garda use of CCTV, that legislation has developed on an ad hoc and reactive basis with few consistent principles applying to its use or oversight. Much of it is also out of date, most notably the 1993 interception of communications legislation which due to technological changes no longer adequately protects email and other internet communications.
Considered as a whole, therefore, the wider Irish law is inadequate. Given that many of these issues were flagged by the Law Reform Commission in 1998, it is hard to see any justification for the failure to address them to date. Although this Bill does provide for some improvements, it is at best a piecemeal response which will not address similar problems with other forms of surveillance. It is clear that the time has come for comprehensive reform of the overall law relating to surveillance. This Bill is a good first step towards that reform. But it is only a first step, and it would be regrettable if the government were to continue to ignore this area until forced to act by another highly visible crime.
