You might have noticed a story in today’s Irish Independent about the increased use of “mobile marketing via bluetooth”. Paring away the advertising speak, this is simply Bluetooth spam – an unsolicited message sent to your mobile. Email and SMS spam is prohibited by Irish law and if anything, the immediate and intrusive nature of Bluetooth spam makes it even worse. As one marketer points out:
The very intimate and personal relationship between a consumer and their mobile device makes marketing to them a very sensitive issue. When someone’s phone beeps, vibrates or otherwise begs for their attention it interrupts whatever they may be doing at the time.
So why is it currently allowed? The short answer is that the existing law appears to apply only where a message is transmitted over a “publicly available electronic communications network” – such as the Internet – with Bluetooth falling outside that definition.
What can you do if you don’t want to be bombarded with advertising on your phone? The short term solution is to turn the Bluetooth setting on your phone to non-discoverable / non-visible / private (the terminology varies). This isn’t a complete answer (it’s still possible, though harder, to detect phones using this setting) but will allow you to use headsets, etc. while eliminating almost all advertising.
Longer-term, however, it would be desirable to see the existing law dealing with spam extended to cover Bluetooth spam also, probably by reform of the Telecommunications Privacy Directive.
June 9th, 2008
We were sold data retention on the promise that it would be used to deal with terrorism and serious crime. Now the government is trying to water down that promise by redefining serious crime to include very minor offences. Recent news from the UK shows why this is a risk – if left unchallenged, government bodies will eventually use this information for even trivial matters.
From the Telegraph:
Councils have used laws designed to combat terrorism to access more than 900 people’s private phone and email records in the latest example of Britain’s growing surveillance state.
Town hall spies found out who residents were phoning and emailing as they investigated such misdemeanours as dog quarantine breaches and unlicensed storage of petrol.
The news prompted fresh calls from civil rights groups for a reform of the Regulation of Investigatory Powers Act (Ripa), which was originally brought in to combat terrorism and serious crime but is increasingly being used by councils to snoop on members of the public.
In April a council in Dorset used Ripa powers to spy for weeks on a family it wrongly suspected of breaking rules on school catchment areas. Other local authorities have used covert surveillance to investigate such petty offences as dog fouling and under-age smoking….
Bolton Council used the Act to check a person’s mobile phone records as part of an investigation into unburied animal carcasses.
Kent County Council carried out 23 telephone subscriber checks during two inquiries into storing petrol without a licence and into a resident it suspected of bringing a dog into the UK without putting it in quarantine.
And Sandwell Metropolitan Borough Council in the West Midlands carried out 16 phone and email checks, six of which involved an attempt to locate and identify an alleged bogus faith healer
June 5th, 2008
The Irish Times published an opinion piece today from us on data retention. A subscription is required to read it at that link, so here’s the full text:
Violations only made worse by new plans for data retention
The Government is planning an alarming expansion of its surveillance of citizens, writes TJ McIntyre .
SUPPOSE THAT someone was monitoring you every day, writing down your movements, making a note of everyone you talked to, copying the name and address on every letter you posted, and then storing that information for three years. Now suppose that every person in the country was under similar surveillance.
While this might seem like science fiction, since a secret ministerial order of 2002 the Government has required telephone companies to do just that. They are required to track the whereabouts of all users via their mobile phones, to log details (but not the content) of every telephone call made and every text message sent and to store that information for three years.
The Department of Justice now proposes to extend this to the internet, by requiring internet service providers to monitor the internet use of every person in Ireland, recording names, details of every e-mail or instant message sent and every time a user logs on, and to store that information for 12 months.
Moreover, they plan to do this in a way which will limit democratic scrutiny, by using a statutory instrument and not a Bill which would be examined by the Dáil and Seanad.
(Ironically, these proposals were revealed on the same day that thousands of Bank of Ireland customers learned that their confidential data had been stolen.)
This system has been given the bureaucratic and innocuous-sounding name “data retention”. A more apt term, however, is “dataveillance” – surveillance through the use of databases. Unlike traditional targeted surveillance, it involves the gathering of information on all citizens – judge, journalist and jailbird alike – creating a digital dossier of their movements and communications, without any requirement for judicial authorisation or even police suspicion.
What protections are in place to limit the use of this information? The former minister for justice, Michael McDowell, promised that access to these databases would be an extraordinary measure, used to deal with serious crime and terrorism.
However, such safeguards were never implemented. Under current law gardaí can access these databases without a warrant, in respect of any crime (or even possible future crime), however trivial, and in respect of any person (not merely suspects). The result, according to the Data Protection Commissioner, is that more than 10,000 requests are made for this information every year – more than 300 per day.
European law should have changed this, by restricting access to cases of serious crime only. Generally under Irish law a serious offence is one which carries a possible prison sentence of five years or more. However, the current Department of Justice proposals cynically negate this safeguard by redefining serious offences for the purpose of data retention to mean offences which have a possible sentence of six months’ imprisonment.
This will include such crimes as failure to move on when asked to do so by a garda.
There is also a likelihood that others will abuse or simply lose these records. In Germany it was revealed recently that Deutsche Telekom had been using telephone databases to spy on journalists who wrote unfavourably about the company. In the United Kingdom government departments have allowed confidential data on many millions of individuals to be compromised.
Here in Ireland officials in the Department of Social Welfare have been found by the Data Protection Commissioner to be engaged in the systematic leaking and selling of personal information from government databases. There is no reason to think that this information will be treated any differently.
Information gained from telephone and internet records can be valuable in the investigation and prosecution of crime – but there are other ways of ensuring that police can have access to this data without jeopardising the right to privacy.
In 2001 Ireland signed the Council of Europe Convention on Cybercrime, which achieved international agreement on a more proportionate “data preservation” system, which would enable police to mount surveillance and preserve evidence but would avoid blanket surveillance of all citizens at all times.
This system would still have provided for the use of this information in, for example, investigating the Omagh bombing.
But without any explanation, the Government has failed to implement the convention, jumping straight to the more intrusive option of data retention without first testing data preservation.
Privacy is a fundamental right, guaranteed under Irish, European and international law. Being able to go about our everyday business without systematic state scrutiny is an essential part of a democratic society. Data retention is something entirely new – it provides for pre-emptive surveillance of the entire population on the basis that some of them might at some stage commit some crime and that this information might then be of assistance.
In effect, it treats everyone as potentially guilty and as such reverses the presumption of innocence. Such ongoing monitoring of the entire population is remarkable in a democracy and is so excessive and disproportionate as to violate the right to privacy. No evidence has been put forward to show that it is necessary or that less intrusive alternatives would not suffice.
Digital Rights Ireland has brought a High Court challenge to Irish and European data retention laws, which will ultimately determine whether surveillance of all citizens can be compatible with the Constitution and the European Convention on Human Rights.
In the meantime, the Department of Justice proposals to extend data retention to the internet should at the very least be the subject of primary legislation, allowing for a full public discussion of these issues and democratic scrutiny by the Oireachtas.
TJ McIntyre is a solicitor, lecturer in law in UCD and chairman of Digital Rights Ireland
June 4th, 2008