1) this isn’t information held by a company itself, but by telcos and ISPs, administered generally by very low level employees. I have been told at a senior level, of regular instances where such people have already been put under pressure to reveal info about and in user accounts.

2) companies do not hold on to other companies’ and customers’ data for one to two years for data mining. They are legally only able to hold personal data for 6 months for specific purposes

3) I know at least one major employer multinational tech company was so concerned about proposed retention here that they have it under legal scrutiny at US HQ. In particular businesses with data centres and internet related businesses are concerned

4) a number of significant tech business leaders/organisations wrote the minister recently to express concern this legislation could have on inward investment and indigenous companies

5) businesses are definitely concerned at how revealing retained call and email data is — just seeing who a competitor is talking to is sensitive. Though the ’state’ didn’t have access to surveillance info in the UK it is known such info was used to win contracts for national companies — this has been documented in a couple of reports.

The fact is that after the DOJ/Microsoft trial, no company is happy having its own call/email data stored in additional locations. Storing it yourself is a lot different from having it at the local telco… Eircom hackers, anyone?

I have to ask, is this not part of EU wide effort agreed back when McDowell was minister for justice so I’m not so sure that this will cost 10,000s of jobs if the EU states are operating on a consistent basis. A problem could arise if we were significantly out of step with other EU states or otherwise not.

As for the corruption/misuse argument, this data isn’t being stored by public bodies it is being stored by the data collectors themselves and the state is requiring that of them. It’s not like civil servant X can be bribed to be able to peak into your IM history as hosted by Microsoft or Google, simply because civil servant X has no access to that data. A Microsoft or Google employee on the other hand might have direct access and has that access now. So if you’ve looking to bribe someone then the person with access is the one to go after.

All these data collectors are storing stuff for their own data mining purposes anyway. So what is the concrete change? Well, a state defined length for one thing and also that the state can look for access in the course of an investigation into a crime.

As for this idea about “I know if I were investing in the country or had highly sensitive intellectual property, I would certainly be very concerned about investing in a country with that kind of an approach to data security.” Why is “highly sensitive intellectual property” suddenly at risk from a requirement that it be retained for 2 years? You realise that any organisation worth its salt is backing up and archiving all its information as a matter of course. So how does this materially change things?

“Someone with access to e-mail, instant message or telephone records could provide information which could show high-level communications taking place between certain companies or certain individuals. It could cause a leak of information about an impending merger, calls to a regulatory body etc.” Someone does already have that access, the data collector does. If you’re that concerned about data snooping then don’t use any of the online email systems and instead get yourself an inhouse solution and watch your own staff or your commercial competitors instead of wondering about the state. Again the state is not storing this information and does not have live access to it.

Given that the legislation is about the retention of data what has any of this to do with leaks of live information or “impending mergers” that the state has no live access to. The state is requiring that data be retained for later scrutiny and analysis, there are sensible concerns to be raised about that but this sort of comment about the public sphere looking into live information is not one of them.

If you consider that Ireland has attracted several major data centres, notably Google and Microsoft, you would have to wonder how these companies would react to the imposition of a requirement for them to retain details of every email and instant message sent across their networks simply so that the Irish authorities could do investigations in retrospect for crimes that have not yet happened.

I would be very concerned that this kind of information may not be adequately protected, and could be end up falling into the wrong hands.

What would stop someone from bribing a corrupt Government official, revenue official, member of the Gardai or the defense forces ? While I’m sure that 99.999% of them are totally law abiding and upstanding citizens who would never do such a thing, there is always that risk. It’s not like Ireland’s public bodies have a fantastic track record in this regard i.e. planning corruption, the various incidents of unusual behaviour by Gardai in Donegal etc.

I know if I were investing in the country or had highly sensitive intellectual property, I would certainly be very concerned about investing in a country with that kind of an approach to data security.

Someone with access to e-mail, instant message or telephone records could provide information which could show high-level communications taking place between certain companies or certain individuals. It could cause a leak of information about an impending merger, calls to a regulatory body etc.

Frankly, I don’t think this state (or any state) has an ability to guard against this kind of abuse of data. Thus it simply should not be retained.

I think this legislation is not properly thought out. The ramifications of its introduction could cost us tens of thousands of jobs and could drive serious amounts of intellectual capital off shore as IT-based companies, and high-tech companies who deal in intellectual property may opt to leave Ireland or not invest here.

Even our own home-grown companies may opt to off-shore. This is already the case, as we have seen one or two major discussion forums opt to host in the United States to avoid having to deal with Irish Libel laws. While that may not sound like a big deal now, these are the ‘new media’ and if everything’s being hosted over-seas that is costing Irish jobs and is costing tax revenue.

I really think the Irish Government has completely lost the plot!