Innovation, Information and the Internet: Modernising Copyright Law

DRI is organising a conference on copyright reform this Friday (21st October) and would encourage anyone with an interest in the topic to attend. The event is free and you can register online at http://www.dublincopyrightconference.com/. Full details:

Innovation, Information and the Internet: Modernising Copyright Law

When: Friday 21st October 2011, 1.00pm – 5.00pm (a sandwich lunch will be served at 12.00)

Where: Presidents’ Hall, Law Society of Ireland, Blackhall Place, Dublin 7, Ireland

The current review of copyright law in Ireland presents significant challenges for rightsholders, copyright users and the legal profession alike. This conference will consider areas where Irish law is in need of reform and in particular will look at the role of copyright in the digital economy, the development of fair dealing exceptions, the role which fair use plays in the United States, and the experience of reform in the United Kingdom.

Speakers will include prominent national and international experts from private practice, academia and government, including:

Prof Dr Martin Senftleben – Faculty of Law, Vrije Universiteit Amsterdam
Ms. Helen Sheehy, Commercial & Copyright Department, Sheehy Donnelly Solicitors
Prof Lionel Bently - Faculty of Law, University of Cambridge
Mr Stephen Rowan – Deputy Director, Copyright and IP Enforcement Directorate, UK Intellectual Property Office
Prof Peter Jaszi – College of Law, American University Washington
Ms. Linda Scales, Solicitor and co-founder of the Copyright Association of Ireland

1 comment October 17th, 2011

Garda who abused phone records to spy on ex will not be prosecuted, will keep job

Recent media reports have confirmed that a Garda detective sergeant will not face criminal prosecution and will keep her job despite abusing the data retention system to spy on an ex-boyfriend.

In November 2010 the annual report of the judge who oversees the data retention system confirmed earlier reports that the sergeant, who then worked in the Garda intelligence division, had abused her position by accessing the phone records of her former boyfriend, tracking details of his communications. It appears that this came to light when the former boyfriend became suspicious that she knew about calls which he had made since they separated, and not as the result of any internal audit or other safeguards. According to the Sunday Times:

Eve Doherty was transferred from Crime and Security, the garda’s spying agency, after she was caught accessing phone records last year.

Her former boyfriend had become suspicious because she allegedly knew details of the calls he had made after they had separated. Doherty has been disciplined, and will remain a member of the force. She is currently seconded to Garda Special Branch, the anti-terrorist division.

Her case was the first of its kind to be highlighted in an annual report prepared for the Dail by a High Court judge, who is assigned to monitor the state’s phonetapping activities. Judge Iarfhlaith O’Neill, who is designated to monitor telephone tapping by the security services, mentioned the case in a report to the Oireachtas in February, though Doherty was not named.

O’Neill said that he investigated a number of alleged breaches of Section 64(2) of the Criminal Justice (Terrorist Offences) Act 2005 which had been “committed by a member of An Garda Siochana”.

Under Section 64(2) no garda below the rank of chief superintendent can request an individual’s phone records from a service provider to aid investigations of criminal offences.

The High Court judge said that the extent of the alleged non-compliance with the 2005 act had been “rigorously investigated and fully understood”.

He said all appropriate steps had been taken to ensure future compliance with the act.

The Director of Public Prosecutions (DPP) decided that, following a garda investigation, no charges should be brought in the case.

That story also reveals that after an internal disciplinary process she will retain her job and will not even be demoted. Incredibly, despite this abuse of trust, the sergeant has been transferred to the Garda Special Branch, where she will continue to have access to sensitive information. The matter was also referred to the independent Garda Siochana Ombudsman Commission which decided not to investigate the matter further.

A number of significant questions are left unanswered. In relation to the specific case: Why was no prosecution brought? Why was it considered appropriate to leave a person found to have abused sensitive records in a position of responsibility, much less the Special Branch? Why was this person not dismissed? Why did a Chief Superintendent sign off on her requests, and will that person be investigated for failing to adequately ensure that her requests were legitimate?

More general questions are also raised: Was this part of a wider pattern of abuse? Is there an adequate internal audit trail of data retention requests? If so, who is responsible for reviewing that trail? Does the designated judge access a sample of requests from the preceding year to ensure that the surveillance was appropriate? If not, what other steps are taken to review the approximately 15 000 data retention requests which are made every year? What are the “appropriate steps” referred to by the judge “to ensure future compliance with the act”?

The Department of Justice response has been simply to pass the buck. According to the Sunday Times again:

The Department of Justice said the handling of the case was a matter for garda authorities. “The case in question concerned access to retained telecommunications data which was governed at the time by the provisions of the Criminal Justice (Terrorist Offences) Act 2005,” said a spokeswoman.

“The act assigned the oversight of the provisions relating to data retention to a designated judge of the High Court.”

Given the lack of adequate sanctions for this abuse and the failure of either the designated judge or the Department of Justice to provide answers to these questions it is hard to see how the Irish public can be expected to have any confidence in the data retention system.

References:

“Garda accused of bugging her ex-boyfriend”, The Sunday Times (20.02.2011)

“Garda who spied on her boyfriend will keep job”, The Sunday Times (14.08.2011)

[Cross-posted from EDRI-gram]

1 comment September 2nd, 2011

Submission to the Copyright Review Committee

Here’s our submission to the Copyright Review Committee:
Digital Rights Ireland Copyright Review Submission

Add comment July 18th, 2011

Submission on the IP Enforcement Directive

Today was the last day for submissions to the European Commission consultation on the IP Enforcement Directive and we’re very grateful to Alan Toner for putting together a short submission emphasising some of the many problems with it. Full text after the jump.

1 comment March 31st, 2011

Garda plans for web blocking referred to Data Protection Commissioner

In our last post we mentioned Garda plans to introduce web blocking into Ireland.

One of the many problems with blocking systems is that they require ISPs to take additional steps to monitor users, resulting in real risks to privacy. These risks are amplified in the case of the Garda proposals which – incredibly – would require ISPs to report details of web browsing without any legislative basis whatsoever.

Because of the privacy risks presented by this proposed system, we’ve asked the Data Protection Commissioner to investigate it now, and the full text of our letter (setting out the problems in more detail) is here:

Letter to Data Protection Commissioner Re Garda Blocking Proposals

1 comment March 29th, 2011

Garda plans to introduce web blocking in Ireland

Last year we revealed that the Department of Justice was working on secret plans to introduce internet filtering in Ireland. Now, despite a complete lack of any legislation, public consultation or democratic discussion, these plans have moved to the implementation stage.

In a letter which was leaked to us, Gardai have asked Irish ISPs to block sites designated by them, and for information about the browsing habits of users who are alleged to have visited these blocked sites. Here’s the full text of the letter:

Garda Letter to ISPs Requesting Blocking

This blocking – part of wider attempts to stop access to child pornography – is certainly well intentioned. But good intentions aren’t enough.

Experience elsewhere has shown that blocking is largely futile – easily evaded and stopping only a very small proportion of material (it wouldn’t cover, for example, peer to peer filesharing or newsgroups). Earlier this month, for example, it was revealed that Dutch ISPs have, for exactly this reason, abandoned what they concluded was “ineffective” web blocking.

Blocking is also a distraction from what should be the main focus of policing – removing material at source and identifying those responsible. Work in Germany has shown that blocking leaves material available indefinitely, when it could easily be taken down by contacting the hosting providers. Here’s an excerpt from that analysis:

The group developed software to select, categorise and geo-locate 167 blocked Internet domains as a representative sample of websites blocked in Denmark at the time of the investigation. “The result is a smack in the face of law enforcement authorities”, says Alvar Freude of the Working Group. “Of the 167 listed sites, only three contained material that could be regarded as child pornography.” Two of these three sites had been blocked in Denmark since 2008, and these are, or at least were, blocked in Sweden, Norway and Finland as well. These sites were therefore known for at least two years in several countries, and apparently law enforcement authorities did nothing to try and get this illegal content removed.

This is even more disturbing because the Working Group managed to take down the remaining sites just by sending a few emails. Two of the sites were hosted in the USA, and even during the weekend (Friday, ca. 10 p.m. EDT) they were removed by the hosters within 30 minutes. On the following Tuesday, the third website was taken down by its registry in India, three hours after notification.

More fundamentally, however, even if blocking were effective then it should only be introduced in accordance with the norms of a democratic society – after public debate, based on legislation and subject to judicial oversight. Instead, what this Garda letter seeks to do is to introduce blocking unilaterally (bypassing even the industry representative bodies ISPAI and ALTO) by means of private contracts with individual ISPs. The result would be that sites could be blocked without any judicial oversight or approval being required and in a way which could easily be extended beyond child pornography in the future. There would be no independent oversight of the list of blocked sites – something which is particularly worrying given that leaks of blacklists in other jurisdictions have shown that many entirely innocent sites have deliberately or inadvertently been blocked. In Australia, for example, the blacklist has been leaked, with the result that:

about half of the sites on the list are not related to child porn and include a slew of online poker sites, YouTube links, regular gay and straight porn sites, Wikipedia entries, euthanasia sites, websites of fringe religions such as satanic sites, fetish sites, Christian sites, the website of a tour operator and even a Queensland dentist.

There will also be extensive collateral damage. This is because the proposed system relies on blocking domains and subdomains – that is, blocking everything on example.com even though the only material involved might be on example.com/users/johndoe123. Consequently, Irish citizens will find themselves unable to access entire domains based on allegations against one individual page, image or user. This is not a theoretical risk – it has already happened to O2 users who found the entire image hosting site IMGUR blocked due to a similar system operated by O2.
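The over-blocking described above can be measured directly. The following Python sketch is an added illustration, not part of the original post and not any ISP's actual system; the URLs are constructed samples built around the example.com/users/johndoe123 case in the text, and all function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample data: the reported page from the text plus unrelated
# requests. None of this comes from a real blocklist.
REPORTED = ["http://example.com/users/johndoe123"]
REQUESTS = [
    "http://example.com/users/johndoe123/album/1",   # the reported content
    "http://EXAMPLE.com./users/johndoe123",          # same page, odd spelling
    "http://example.com/users/johndoe1234",          # a different user
    "http://example.com/users/alice/holiday.jpg",    # unrelated user
    "http://img.example.com/logo.png",               # subdomain of same site
    "http://notexample.com/",                        # different site entirely
]


def split_target(url):
    """Return (hostname, path segments) in a canonical form for matching."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    segments = [s for s in parts.path.split("/") if s]
    return host, segments


def host_covered(blocked_host, host):
    """True when host is blocked_host or one of its subdomains (label-aligned)."""
    return host == blocked_host or host.endswith("." + blocked_host)


def blocked_by_domain(entry, url):
    """Domain-level blocking: the path of the reported page is ignored."""
    blocked_host, _ = split_target(entry)
    host, _ = split_target(url)
    return host_covered(blocked_host, host)


def blocked_by_url(entry, url):
    """URL-level blocking: same host, path must begin with the reported segments."""
    blocked_host, blocked_segs = split_target(entry)
    host, segs = split_target(url)
    return host == blocked_host and segs[:len(blocked_segs)] == blocked_segs


def evaluate(entries, requests, matcher):
    """Split blocked requests into intended hits and collateral damage.

    A blocked request counts as intended only if it falls under a reported
    URL; anything else that gets blocked is collateral.
    """
    intended, collateral = [], []
    for url in requests:
        if not any(matcher(e, url) for e in entries):
            continue
        if any(blocked_by_url(e, url) for e in entries):
            intended.append(url)
        else:
            collateral.append(url)
    return intended, collateral


if __name__ == "__main__":
    for name, matcher in (("domain", blocked_by_domain), ("url", blocked_by_url)):
        hit, extra = evaluate(REPORTED, REQUESTS, matcher)
        print(f"{name:6} blocking: {len(hit)} intended, {len(extra)} collateral")
        for url in extra:
            print("   collateral:", url)
```

With one reported page, domain-level matching blocks three unrelated requests on the same site, while path-level matching blocks none of them.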

In short, therefore, the blocking system which Gardai have sought to impose on ISPs is worrying. It is ineffective at achieving its goals, certain to cause extensive collateral damage to perfectly legal content, and prone to function creep whereby it can be used to target other material in the future. These problems are compounded by the fact that it has no legal basis or judicial oversight.

What can you do about it? Internet filtering falls within two departmental functions, and is the responsibility of both the Department of Justice and the Department of Communications. A good start would be to contact each Minister expressing your concerns.

Pat Rabbitte is the Minister for Communications, Energy and Natural Resources and his contact details are here.

Alan Shatter is the Minister for Justice and Law Reform, and his contact details are here.

You should also consider contacting your ISP and letting them know your concern about these proposals.

We’ll be doing more on this shortly – watch this space.

8 comments March 29th, 2011

Judge’s report reveals allegations that Garda used phone records to spy on her ex

Mark Tighe has an important story in today’s Sunday Times about apparent abuse by a garda of the data retention system. Unfortunately it’s behind a paywall, but I’ve taken the liberty of scanning the hardcopy and placing it here as it raises a number of fundamental questions about the safeguards which are in place against abuse and the likelihood of further abuse now that the 2011 Act has extended data retention to internet use also.

Garda accused of bugging her ex-boyfriend

Mark Tighe

A FEMALE garda suspected of obtaining the phone records of her ex-boyfriend has been reported as the first person who may have breached phone-tapping rules introduced in legislation in 1993.

The case is highlighted in a report prepared by Iarfhlaith O’Neill, a High Court judge designated to monitor the state’s phone-tapping activities.

Security sources say that the case involves a garda who was stationed in the force’s crime and security division, which carries out spying and intelligence services. The garda is accused of obtaining phone records of her former boyfriend to track his movements and activities after they separated. The man became suspicious and complained to gardai because his ex-girlfriend allegedly knew details of calls he had made.

In a report to the Oireachtas earlier this month, O’Neill said that he investigated a number of alleged breaches of Section 64(2) of the Criminal Justice (Terrorist Offences) Act 2005. Under Section 64(2) no garda below the rank of chief superintendent can request an individual’s phone records from a service provider to aid investigations of criminal offences.

O’Neill said: “These breaches are alleged to have been committed by a member of An Garda Siochana.”

“As a result of my investigations, I was concerned that these breaches may have occurred. These alleged breaches are now the subject matter of a criminal investigation and also disciplinary proceedings under the garda disciplinary code.”

O’Neill said that the extent of the alleged non-compliance with the 2005 Act had been “rigorously investigated and fully understood”. He said all appropriate steps had been taken to ensure future compliance with the act.

The rest of O’Neill’s report states that on November 18 last year he attended garda headquarters, then army headquarters in McKee Barracks and later the Department of Justice offices on St Stephen’s Green.

In each location he reviewed documents relating to phone tapping and phone records and spoke to people involved in the operation of the act. He said that all his queries were answered to his satisfaction.

“As a result of the foregoing, I am satisfied that there is, as of the date of this report (November 26, 2010) full compliance with the provisions of the above acts,” he said.

A spokesman for the Data Protection Commissioner (DPC) said that gardai had informed it of the apparent data breach last June.

Gardai refused to comment on the case.

Gardai and the Department of Justice have refused to release details of how many requests for phone records or how many phone taps are authorised each year. They say that such information is sensitive.

The Labour party has called for a review of the powers given to gardai to access personal records and said they should only be used in exceptional circumstances.

In 2007 the DPC said that, based on audits of phone companies, it estimated gardai were making 10,000 requests for citizens’ phone records each year. Security sources say the figure is now likely to be closer to 15,000 as gardai regularly seek phone records to aid investigations.

Despite its resistance to publishing details about requests to access the phone records of private citizens, Ireland may be forced to do so by a 2009 European Council directive.

The directive requires member countries to legislate to provide their data protection commissioners with the number of requests made for phone records and the legal justification invoked.

Some quick thoughts:

The references to bugging and phone-tapping are misleading – what is alleged here (as I understand it) is that the garda accessed the phone records of her ex rather than actually listened to the contents of telephone calls.

There are, unhelpfully, no details given in the report as to how the abuse came to light or what changes will be made in future to prevent further abuses. (Continuing a fine tradition of opacity.) But a number of questions spring to mind.

When did the alleged abuse take place, and how long did it take before it was uncovered? Was the abuse discovered purely by chance? Is there an adequate internal audit trail of requests which are made? If so, who is responsible for reviewing that trail? Does the designated judge access a sample of requests from the preceding year to ensure that the surveillance was appropriate? If the designated judge will not provide this level of detail in the annual report then the Minister for Justice must do so to the Oireachtas if the public are to have confidence in this system. While the particular details of this case cannot be discussed until any criminal trial is concluded, it is remarkable that there is absolutely no discussion of the systems-level controls which are (or are not) in place.

Finally, when data breach notification is finally introduced as a legal obligation (whether under the revised e-Privacy Directive or the Data Protection Commissioner’s Code of Practice) will it include a right to be notified of this type of breach also? Note that the Directive appears to impose a notification obligation on telcos only.

For more background on the allegations behind this story, see this Mail on Sunday piece from last year.

[Cross-posted from tjmcintyre.com]

1 comment February 20th, 2011

Data retention agreement between Department of Justice and telcos leaked

The Department of Justice and various Irish ISPs / telecommunications providers have been in negotiations for some time now as to how the Data Retention Bill will be applied once passed. The first draft of an agreement between them was leaked in September 2009 – now a second draft of this agreement has been leaked and is available here. Again, it is important to ask why this document is being drawn up in secret. As Karlin Lillington wrote when the first version of this document was leaked:

A secret memorandum of understanding between State agencies and the communications industry on how to implement the as-yet non-existent Government data retention legislation, confirms longstanding concerns about who is managing the data retention agenda and to what end.

With data retention, it appears that the tail is wagging the dog, in blatant disregard for proper democratic legislative process. The agencies that want access to our call and internet data are bypassing the Oireachtas, which at least theoretically, is the body that draws up and implements legislation.

No doubt, the argument will be made – and indeed is, within the body of the 13 page memorandum – that the document exists to help streamline the process by which our data are requested and handed over to various bodies that will now be allowed to look at it. Or as the memorandum states: “to promote efficient and effective standards of co-operation between the State and the Communications Industry.”

But it is not the business of the agencies to arrange any such matters privately with the communications industry, especially in the absence of actual legislation, or any public discussion or input, or any significant Oireachtas debate on a Bill that has only recently been published and not yet debated.

A data retention bill has not been passed by the Oireachtas yet, so this extraordinary “agreement” is based on sweeping assumptions, not articles of law.

More startling is the fact that agencies and industry are making such secretive plans for co-operation at all. It is the job of the Oireachtas and, ultimately, the courts to determine how legislation will be interpreted and implemented, not the Garda Commissioner, the Revenue Commissioners or the Defence Forces by private agreement.

8 comments September 20th, 2010

In defence of online anonymity

In a week when whistleblowing by an anonymous blogger was crucial to exposing problems in the Irish Red Cross it becomes all the more important to stand up for the right to online anonymity. The following is an attempt to make the case for the social value of anonymous speech. A shorter version appeared in today’s Sunday Times (behind a paywall so no link, alas.)

In defence of online anonymity

Earlier this week Declan Kiberd decried “masked and anonymous ranters who use the media to vent,” praising instead those “honest people who write letters to the editor” and supply their name and address. In another recent article Jim Glennon wrote that anonymity “facilitates bitterness, vitriol and, at times, sheer poison” making the internet “a playground for cranks” who are invulnerable “to identification or retaliation”.

These comments don’t recognise any positive aspects to anonymous speech. But the last point from Jim Glennon inadvertently illustrates why many people are concerned that the things they say online might be connected to their offline identities. Retaliation is a real risk – the case law is full of examples of retaliation for such things as expressing unpopular views, blowing the whistle on wrongdoing or speaking out in favour of a union.

This point can sometimes be overlooked by those who are in a position of power. Professor Kiberd, for example, enjoys by virtue of the Universities Act the academic freedom “to question and test received wisdom, to put forward new ideas and to state controversial or unpopular opinions” without fear of being penalised by his employer. Others, however, may not be so fortunate.

Even leaving aside fears of retaliation, there are many reasons why anonymous speech can be a good thing. While anonymity can sometimes be used to tell lies, very often it instead promotes honesty. Irish society can place a premium on keeping up appearances and putting on a brave face, in a way that makes it difficult to admit to weakness. Visit discussion forums, however, and we often find that anonymity enables users to be more honest about difficult subjects such as their relationships, their finances or their health.

Anonymity can also mean an improvement in the quality of debate. As Mr. Glennon notes, we should “analyse the arguments being advanced, and not those by whom they are being advanced”. As human beings we are naturally keen to know who is speaking, to put a face to an opinion. But the anonymity of internet discussion enables us to judge arguments on their merits, leaving our prejudices behind.

Indeed, while there is an understandable tendency to be fearful of modern technology none of these points are new to the internet. It should not be forgotten that many great works of literature have been produced anonymously or under assumed names. One of the giants of Irish writing, Jonathan Swift, published all his satirical works either anonymously or under a pseudonym.

None of this is to say that online anonymity should be absolute. In criminal cases – such as the recent attack on the CAO website – the law allows for user identities to be revealed to Gardaí as part of an investigation. Apart from criminal cases, however, anonymity should be taken away only in very narrow circumstances. In an important decision in 2005 the High Court ruled that internet users enjoyed a right to “confidentiality of identity” and held that this right should not be set aside by a court unless there is “very clear proof of wrongdoing”.

In general, this ruling strikes a reasonable balance between the privacy rights of users and the rights of parties who claim that they have been the victims of wrongdoing. It also allows a court to refuse identification where it is sought for some ulterior motive.

For example, in a 2006 case Ryanair applied to the High Court to identify anonymous Ryanair pilots who posted comments on a union website. Ryanair claimed that they needed the identities to protect other staff from intimidation and threats – the High Court, however, found that there was no evidence of intimidation or threats and the real purpose behind the action was to “break the resolve” of the pilots seeking better conditions of employment. Consequently the court refused to order disclosure of the pilots’ identities.

This approach is far from perfect, however. Although in theory wrongful applications to identify can be challenged, in practice this seldom happens. The only reason that the High Court was able to consider the merits of Ryanair’s case was because the union behind the pilots’ website was able to stand up for the rights of its members. If Ryanair had tried to identify the pilots using some other method – suing their internet service provider (ISP), for example – then it is likely that the application to identify would have gone unopposed and the pilots been improperly unmasked.

Unlike other jurisdictions such as the United States, Irish law fails to ensure that users are notified of attempts to identify them and given an opportunity to oppose the application. Consequently in most cases Irish users are dependent on their ISP to make a case on their behalf. ISPs, however, have no commercial incentive to do so.

As a result, although the law is supposed to balance the rights of the parties before ordering identification, the court will generally hear only the plaintiff’s version of events. If Irish law is to fully protect anonymous speech online then it will be important to ensure that users have a right to be heard before their identity is revealed – notification afterwards is too little, too late.

TJ McIntyre is chairman of Digital Rights Ireland, solicitor and lecturer in law in UCD

1 comment August 29th, 2010

Blocking of innocent websites by O2 Ireland

[Cross-posted from EDRi-gram]

The Irish mobile operator O2 has acknowledged accidentally blocking the
image hosting website IMGUR through its system for blocking alleged child
abuse material. There appears to have been no indication that there was, in
fact, any illegal material hosted on that site. Furthermore, it is not
obvious on what basis O2 could have made the decision to undertake the
blocking.

In a statement provided to the Irish hotline, which was not published but
simply made available to people who enquired about the problem, O2 explained
that “the technology behind the service (to block child abuse images) is
more far reaching than anticipated and on occasion a site which should not
be blocked may be.” It is impossible to tell how many other innocent, but
smaller and therefore less noticeable, websites are similarly blocked by
accident, due to this “far reaching technology.”

O2 undertakes its blocking system on a voluntary basis, despite the fact
that, according to the European Commission, “such measures must indeed be
subject to law, or they are illegal” (according to the Commission’s impact
assessment on the draft Directive on child exploitation). Nonetheless, the
European Commission is also now supporting such extra-judicial measures and
it is now also proposing to use taxpayers’ money to fund them.

A six million euro call for proposals launched in June 2010 refers to
funding for “blocking access to child pornography OR blocking the access to
illegal Internet content through public-private cooperation”. This call, by
the Commission, for “self-regulatory” blocking of allegedly illegal content
in general was made just a few weeks after Commissioner Malmström explained
at a conference that “the Commission has absolutely no plans to propose
blocking of other types of content – and I would personally very strongly
oppose any such idea”.

It is likely that further deliberate and accidental blocking of websites
will now spread in Ireland, due to the fact that the Irish former monopoly
Eircom agreed to block sites accused of containing unauthorised material,
while mobile operator Vodafone has reportedly also indicated that it will
introduce extra-judicial measures against any of its customers repeatedly
accused of infringements.

Many blogs and online message boards accused the Irish Internet hotline of
having prepared a faulty blocking list and this was what led to IMGUR being
blocked. As the Irish internet hotline does not prepare a blocking list, but
simply acts in its capacity as a hotline, these allegations were incorrect.

Background links:

Commission impact assessment – Accompanying document to the Proposal for a
Council Framework Decision on combating the sexual abuse, sexual
exploitation of children and child pornography, repealing Framework Decision
2004/68/JHA – Impact assessment {COM(2009) 135} {SEC(2009) 356} (25.03.2010)

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52009SC0355:EN:NOT

Irish Internet hotline

http://www.hotline.ie

Vodafone in line to join file-sharing clampdown (16.06.2010)

http://www.irishtimes.com/newspaper/ireland/2010/0616/1224272615990.html

European Commission call for proposals: “Prevention of and fight against
crime”

http://ec.europa.eu/justice_home/funding/isec/doc/tc2_call_2010_en.pdf

Commissioner Malmström speech: “Combating sexual abuse, sexual exploitation
of children and child pornography: the Commission’s proposed Directive”
(6.05.2010)

http://ec.europa.eu/commission_2010-2014/malmstrom/archive/Speech%20%20Malmstrom%20-%20Combating%20sexual%20abuse%2006_05_2010.pdf

[By Joe McNamee - EDRi]

5 comments July 14th, 2010
