DRI condemns backdoor implementation of surveillance laws
January 19th, 2008
Government proposals to introduce surveillance of all internet users are unacceptable. The proposed law will require Internet Service Providers (ISPs) to log details of every email, every instant message or chat message, and every time users log on or log off, and to store that information for up to 18 months. This information will then be available without any court order or warrant. These proposals, implementing European law, are being drafted without public consultation and would be implemented by a statutory instrument. There will be no scrutiny by the Oireachtas.
It is incredible that the Government proposes to introduce a law which would require every Internet user to be monitored without any warrant or prior judicial approval, without any public consultation and without any debate or vote in the Oireachtas. A law of this gravity should not be made by stealth.
The Department of Justice appears to be relying on the “urgency” of the matter to justify bypassing the Dail and Seanad. But the European law being implemented was passed in February 2006. The Department has had two years to introduce a Bill and it cannot rely on its own delay to justify sidelining democratic scrutiny.
In any case, it is inappropriate to implement this law whilst it is under court challenge. The Irish government itself has challenged the validity of the law before the European Court of Justice. Digital Rights Ireland has also brought a High Court action challenging the European law. These proposals will effectively pre-empt the judgment of the courts.
Entry Filed under: DRI, Data Retention, Mass surveillance
27 Comments Add your own
1. Derry | January 20th, 2008 at 2:05 am
I can’t believe this is actually happening. Every time they log on and off? Are they checking router power cycle times or something?
Time to start using jabber for IM.
2. MyName | January 20th, 2008 at 6:26 pm
Isn’t it funny how Ireland has been in breach of some European laws for years and even after court challenges they don’t do anything but this law has to be implemented within the month.
3. MyName | January 20th, 2008 at 6:29 pm
Link to directive (This is different to a law?):
4. SomeoneElse | January 20th, 2008 at 6:52 pm
Article 15 of that document:
3. Until 15 March 2009, each Member State may postpone
application of this Directive to the retention of communications
data relating to Internet Access, Internet telephony and Internet
e-mail. Any Member State that intends to make use of this paragraph
shall, upon adoption of this Directive, notify the Council
and the Commission to that effect by way of a declaration. The
declaration shall be published in the Official Journal of the European
Union.
This suggests it isn’t as time critical as suggested.
5. Heidi | January 20th, 2008 at 6:55 pm
Could businesses be considered services providers if they give people email at work?
Would businesses have to record and store this information for 18 months also?
6. Jimmy | January 20th, 2008 at 6:56 pm
Why was this announced/reported on a Saturday?
7. Paddy | January 20th, 2008 at 6:59 pm
Will this afect people’s hotmail or gmail accounts? If so how? If not then the whole email part of the directive is nothing but a burden on service providers if nothing else.
8. Paddy | January 20th, 2008 at 7:01 pm
And we needn’t worry about our government losing data because goverments never lose data. Oh! Hi to you England!
9. James Hogan | January 20th, 2008 at 9:04 pm
Google stores your information only if you tell them it’s ok. A law to store such data would be of benifit to an garda but I still don’t like it. Leave my data alone!! I’m willing to take the risk.
10. Jerry Cronin | January 20th, 2008 at 10:45 pm
This is f**king retarded. We’ve seen how easy it is to loose information, and now the _GOVERNMENT_ wants to store it? _ALL_ of it?
To do what with it? So that they can loose our Credit Card numbers, amongst other information, in the next 18 months?
Oh, and how easy would it be to do a search of it by area? I can already see someone searching for keywords to fill holes in their investigation.
Maybe someone in the EU wants their own version of echelon?
11. barry | January 21st, 2008 at 10:28 am
From the Directive –
“It is essential that Member States adopt legislative measures
to ensure that data retained under this Directive are provided
to the competent national authorities only in accordance
with national legislation in full respect of the
fundamental rights of the persons concerned”
Could some of the lawyers on here explain to this non-lawyer whether Ireland meets this requirement??
12. Jimmy | January 21st, 2008 at 10:51 am
Anyone in the hosting/ISP industry already is aware of this directive, and their heads are wrecked with teh actual physical implementation of this. Log files for a Shared Hosting server can get up several hundred megabytes in 24 hours. Thats just covering maybe 700 domains. Monitoring and storing all that info is going to be a pain
The Govt should be providing a fairly substantial grant/tax incentive for any company that is going to implement this. The alternative is that all the major players band together and say to the govt “bugger off, you wanted it, you implement it”
13. TJ | January 21st, 2008 at 6:26 pm
Someone else – Ireland didn’t avail of that derogation. Other member states have much longer in which to implement.
Heidi – this depends on the precise manner of implementation. Businesses are not necessarily covered by the directive in respect of their own emails.
Paddy – webmail is covered if the provider is based in the EU. Of course it’s trivial for someone to avoid this by using a non-EU provider.
Barry – this depends on whether the implementation has strong safeguards. However, our existing law is lacking significant safeguards, as the Data Protection Commissioner has pointed out on several occasions.
14. Frank | January 21st, 2008 at 8:35 pm
This proposal is a disgrace and an invasion of privacy and should be strongly opposed by everyone. Why should anyone have access to whom I send e.mails – unless I am involved in an illegal activity, in which case they can get a court order.
People who say that ‘if you are doing nothing wrong, you have no need to worry’ – but that misses the point of how this could be totally misused. This proposal to record e.mails is no different from saying that all letters that are sent should have the sender’s and the receipient’s names recorded – but there would be outrage if that was proposed. And the suggestion that it will only be used in the battle against crime and terrorism is a red herring – do the authorities seriuosly think that the criminals and terrorist would continue to use the internet if their communications could be tracked?
Wake up people of Ireland, before it is too late – and this government want us to vote ‘Yes’ to The Lisbon Treaty (ie EU Constitution, under a different name) and give even more power to the unelected EU bureaucrats, who will continue to bring in further legislation of this nature which our goverment will not be able to prevent. This can be and will be abused – remember our own famous phone tapping case by a former Irish Minister for Justice who abused his position to tap into the phones of two journalists. With this proposal, a court order isn’t even needed.
THIS IS A BREACH OF YOUR FUNDAMENTAL RIGHT TO PRIVACY – JUST ASK YOURSELF, WOULD YOU ALLOW THE AUTHORITIES TO RECORD THE DETAILS OF YOUR ORDINARY LETTERS – I THINK NOT AND E.MAIL IS JUST AN ELECTRONIC FORM OF LETTER.
15. steve white | January 21st, 2008 at 9:13 pm
Are you challenging the fact it won’t have to passed by a judge first also?
16. javaman | January 21st, 2008 at 9:57 pm
Paul Walsh – I eagerly await your audio on this.
17. spy | January 21st, 2008 at 11:58 pm
Consider recent examples of worker(s) within Dept of Social & Family Affairs abusing position (and access to data) to leak sensitive information for criminal gain.
Some govt. depts. are inept with their own data security, I would hate to see what they would make of something of this magnitude.
The govt. have not established a track record of competance in this area…this just provides more potenial to screw up.
18. Administrator | January 22nd, 2008 at 8:29 am
Steve White – Yes. The fact that this surveillance doesn’t require a judge issued warrant is critical. At the moment there is only an internal Garda procedure to act as a safeguard.
19. dom | January 22nd, 2008 at 2:53 pm
and it will get certainly worse as an example from Germany may teach us: even before the corresponding german law was in effect, companies prepared measures to get hold of these private data. The most famous excuse: breaches of copyright…
20. Terence | January 22nd, 2008 at 3:25 pm
This law is simply a direct attack on our privacy. The government has no right snooping in on our private email and internet surfing.
It can only lead to a gross abuse of power and have a negative Orwellian effect on our freedoms.
21. Paul Walsh | January 22nd, 2008 at 4:00 pm
Dom,
You mentioned something about Germany. Would you mind giving me a link as I am not too sure what you are referencing.
To the Administrator, have ayou got an RSS feed I (or we) can subscribe to, cos as far as I know if I want to read updates here, I have to keep visting this site.
22. dom | January 22nd, 2008 at 5:39 pm
@Paul Walsh: this is kind of special with the german legal system.
At all times a (internet/phone or similar) provider in Germany stored connection data for six months for accounting reasons only and was obliged to delete them afterwards. Within this period access to the data was possible on a court decision or for secret services to prevent “terror”. With the new law on data retention that came into effect this January any connection data must be stored for a duration of 6 months. (In fact there is a difference between these, as until last year most internet connection data -as mostly accounted for by a flatrate- was not allowed to be stored) These new data must be revealed to police forces and/or state lawyers on a criminal court decision to prevent serious crimes or to prosecute them. There is no regulation for a direct access by executive forces to these new data, so they must be kept seperate. In fact NO provider has developed means to do this, yet. Beyond the data retention there is also a new law to strenghten “rights of intellectual property”. This should provide instruments to access connection data due to a civil court decision, but just those who are held for accounting purposes as the new telecommunication law targets only “serious crimes”. Nonetheless, even before the later law was in effect, the entertainment industry and their lawyers tried to get hold of connection data directly from providers. As said above there is up to now no procedure in place to keep both types of connection data seperated yet. (Most providers said this openly, as there are no fines due to the new telecommunication law until 2009 in effect.) Since January companies still try to approach providers directly and beyond that to get hold of both kind of data. (Unfortunately I am not aware of english news about this topics and can therefore provide no link – but i.e. http://www.heise.de gives loads of german news about it)
23. red_hood | January 22nd, 2008 at 9:52 pm
Hi!
There is some information about data retention in Germany on
, which is a workgroup dealing with the new law.
But why does the Irish government want to enact such a law or directive?
There has been long struggle for the freedom people have today, so why has it become worthless over night?
24. red_hood | January 22nd, 2008 at 9:54 pm
Sorry, link did not work, here it is:
http://www.vorratsdatenspeicherung.de/index.php?lang=en
25. David | January 22nd, 2008 at 10:39 pm
I can see people getting up in arms if this measure were to be put into a postal context.
Let’s just say you were required to:
1) write your full name and address on the outside of every letter sent.
2) allow An Post to open the letter, scan or photocopy the contents.
3) make the contents searchable
4) store this data for years..
Or, if your phone company were required to record all the telephone calls you make and store your voicemails on file for several years.
Why is this being done?
Is it simply a case of “because we can” …
We’re sleep walking into a situation where we’re going to be as monitored as people were behind the Iron curtain by the Stazi, the KGB and other secret police organisations.
It’s utterly ridiculous. Do the police forces really think that the solution to everything is to put everyone’s personal lives into a giant google database and just search for crime!
It’s utter madness and I can tell you one thing, any Irish political party who stands by the introduction of such a measure will NEVER get a vote from me again.
26. Paul | January 25th, 2008 at 8:52 pm
This is nuts. Europe shouts and Ireland bends over. There is no need to hold this information unless the Govt/Gardai intend mass surveillance on some level. The idea that they have unwarranted access to personal data without a legal court order is beyond comprehension in what is considered a first world country. Even my post decrying this measure could in some circles be considered ‘Subversive” and anti-establishment and could lead to me being singled out for harassment in the near future should this be allowed to be implemented. No No No. Why is this so quiet? why are the main stream media not reporting this. We are walking into a police state like the US and UK. Giving our hard earned freedoms won by patriots away to faceless bureaucrats in brussles is tantamount to treason., This Government should be dissolved due to its corruption and ineptness and what could be accounted as criminal activity. ‘No’ to Lisbon
27. Raymo | March 4th, 2008 at 3:27 pm
Germany: New Basic Right to Privacy of Computer Systems
Thought it might be of interest here that the German COnstitutional Court has introduced a new ‘basic right to to the confidentiality and integrity of information-technological systems.’
http://bendrath.blogspot.com/2008/02/germany-new-basic-right-to-privacy-of.html
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Subscribe to the comments via RSS Feed