Posts filed under 'Data Retention'
The European Court of Human rights gave a decision earlier this month in Copland v. UK which will be very helpful to us in arguing our data retention case. Ms. Copland worked in a Welsh college as a personal assistant, and discovered that the college was secretly monitoring her telephone, email and internet use. She claimed that this amounted to a breach of her right to privacy under Article 8 of the European Convention on Human Rights. The UK government admitted that monitoring took place, but claimed (using the same arguments trotted out in the data retention context) that this did not amount to an interference where there was no actual listening in on telephone calls or reading of emails:
Although there had been some monitoring of the applicant’s telephone calls, e-mails and internet usage … this did not extend to the interception of telephone calls or the analysis of the content of websites visited by her. The monitoring thus amounted to nothing more than the analysis of automatically generated information … which, of itself, did not constitute a failure to respect private life or correspondence.
The Court disagreed, holding that this monitoring and storage of details of telephone and internet use was itself an interference under Article 8:
43. The Court recalls that the use of information relating to the date and length of telephone conversations and in particular the numbers dialled can give rise to an issue under Article 8 as such information constitutes an “integral element of the communications made by telephone” (see Malone v. the United Kingdom, judgment of 2 August 1984, Series A no. 82, § 84). The mere fact that these data may have been legitimately obtained by the College, in the form of telephone bills, is no bar to finding an interference with rights guaranteed under Article 8 (ibid). Moreover, storing of personal data relating to the private life of an individual also falls within the application of Article 8 § 1 (see Amann, cited above, § 65). Thus, it is irrelevant that the data held by the college were not disclosed or used against the applicant in disciplinary or other proceedings.
44. Accordingly, the Court considers that the collection and storage of personal information relating to the applicant’s telephone, as well as to her e-mail and internet usage, without her knowledge, amounted to an interference with her right to respect for her private life and correspondence within the meaning of Article 8. (emphasis added)
Although these principles aren’t new, it’s still useful to have them so clearly restated in a way which is directly applicable to data retention under both Irish and European law.
(Many thanks to Daithí for bringing this to our attention.)
April 16th, 2007
A while ago we explained that the reason why you hadn’t heard more about the data retention case was that the State defendants were sitting on their hands and had failed to put in their defence as required by law.
Our legal team brought them to court on the 19th of February, at which point an order was made requiring the defendants to put in their defence. The defendants are now in breach of that court order also. Consequently, our lawyers will be returning to the High Court on the 30th of April seeking judgment in default of defence.
April 12th, 2007
It’s been some time coming, but we’re glad to see the Labour Party shares our concern about data retention:
The Labour Party Spokesperson on Justice, Deputy Brendan Howlin TD, has called for a review of the operation of powers given to the Gardai under the 2005 Criminal Justice (Terrorist Offences) Act to access personal telephone records, following information given to the Sunday Times by the Data Protection Commissioner that 10,000 such requests had been made by the Garda authorities during 2006.
This measure was added on as a last minute amendment to the Bill by the Minister for Justice, Michael McDowell, when it was going through the Dail in 2005 and was never properly debated by the House. While there was acceptance that such a power might be necessary to fight international terrorism or organised crime, I do not believe that any member of the Oireachtas envisaged that the power would be used so often. This amounts to almost 30 requests for every single day in 2006.
Given the extensive use by the Gardai of what should be an exceptional power, it is hard to disagree with the conclusion of the Assistant Data Protection Commissioner, that ‘perfectly innocent people are now having their private records pored over’.
I strongly believe in the light of these disclosures and the concerns expressed by the Data Commissioner’s Office that there is now a need to urgently review the operation of the powers and to establish if we need to strengthen the protection available to the public against potential abuses. The 2005 Act allows for the public to make a complaint to a ‘Complaints Referee’ but the fact is that a person has no way of knowing whether or not their records have been accessed by the Gardai in order to make a complaint. The Act also provides that the High Court Judge designated under the 1993 Interception of Postal Packets and Telecommunications Messages (Regulation) Act to review the operation by the Gardai of telephone tapping would also review the new provisions in regard to requests for telephone records, but as far as I am aware no report has yet been published.
The Gardai are entitled to all reasonable powers to enable them to fight international terrorism and organised crime, but there have to be safeguards built in to ensure that these exceptional powers are not used except in the circumstances envisaged by the Oireachtas. The 10,000 requests lodged during 2006 that the balance intended by the Oireachtas has not been achieved.
February 26th, 2007
We were delighted to be invited to Limerick last weekend for the very enjoyable SkyCon where TJ gave a talk on whether we are “Sleepwalking into a Surveillance Society?”
The talk got off to a promising start when we were met with this sign at the door:
For more on “Sleepwalking into a Surveillance Society?” see the comments of the English Information Commissioner and his Report (PDF) which compares the Surveillance Society of 2006 with a possible Society of 2016.
February 19th, 2007
You might be wondering why you haven’t heard more about our case against the Government over data retention. This is because the defendants, despite being well out of time, have failed to put in their defence. In non-legal terms, this would be rather like a soccer team simply failing to show up for a match. Why the Government is so reluctant to respond to our case we don’t know – but we’ve given them ample time to do so, and to prevent further stalling we’ve now filed a motion with the court requiring them to put in their defence so we can proceed with our case.
January 19th, 2007
Peter Hustinx, European Data Protection Supervisor:
Terrorism and organised crime should not be used as excuses for passing laws which undermine people’s privacy and data protection rights … It is a misconception that protection of privacy and personal data holds back the fight against terrorism and organised crime … Good data protection actually goes hand in hand with legitimate crime fighting because it increases the quality of databases and at the same time makes sure that only the right people can access them.
September 21st, 2006
We are at the edge of Europe, but our legal action challenging mass surveillance has implications for the whole European Union. We are the only group bringing a legal challenge and we need your support. We need support on a number of fronts:
- We need you to spread the word. If you have a web site or blog tell your readers about mass surveillance and link to us.
- In particular, it is important that we get Europe-wide blogger and media coverage for this launch. If you can help with this please ask to be added to our press list. Email us at contact@digitalrights.ie.
- And of course we need money. We need to raise a significant amount of money to sustain the litigation. Every small contribution makes a big difference. Please make a contribution at http://www.digitalrights.ie/support, and please contact us if you know of someone willing to make a major contribution.
September 14th, 2006
We have now started our legal action against the Government challenging Irish and European laws on data retention. Here’s the full press release.
DIGITAL RIGHTS IRELAND CHALLENGES MASS SURVEILLANCE LAWS
Irish civil rights group Digital Rights Ireland (DRI) has started a High Court action against the Irish Government challenging new European and Irish laws requiring mass surveillance. DRI Chairman TJ McIntyre said:
These laws require telephone companies and internet service providers to spy on all customers, logging their movements, their telephone calls, their emails, and their internet access, and to store that information for up to three years. This information can then be accessed without any court order or other adequate safeguard. We believe that this is a breach of fundamental rights. We have written to the Government raising our concerns but, as they have failed to take any action, we are now forced to start legal proceedings.
Accordingly, we have now launched a legal challenge to the Irish government’s power to pass these laws. We say that it is contrary to the Irish Constitution as well as Irish and European Data Protection laws.
We also challenge the claim that the European Commission and Parliament had the power to enact the Data Retention Directive. We say that this kind of mass surveillance is a breach of Human Rights, as recognised in the European Convention on Human Rights and the EU Charter on Fundamental Rights which all EU member states have endorsed.
If we are successful, the effect will be to undermine Data Retention laws in all EU states, not just Ireland, and to overturn the Data Retention Directive. A ruling from the European Court of Justice that Data Retention is contrary to Human Rights will be binding on all member states, their courts and the EU institutions.
Attack on Private Life
He continued:
These mass surveillance laws are a direct, deliberate attack on our right to have a private life, without undue interference by the government. That right is underpinned in the laws of European countries and is also explicitly stated in Article 8 of the European Convention on Human Rights. The Article specifies that public authorities may only interfere with this right in narrowly defined circumstances.
The information will be collected and stored on everyone, regardless of whether you are a criminal, a policeman, a journalist, a judge, or an ordinary citizen. Once collected, this information is wide open to misappropriation and misuse. No evidence has been produced to suggest that data retention laws will do anything to stop terrorism or organized crime.
We accept, of course, that law-enforcement agencies should have access to some call data. But access must be proportionate. In particular, there should be clear evidence of a need to move beyond the six months of storage which is already used for billing purposes. Neither the European Commission nor the European police forces have made any case as to why they might require years of data to be retained.
Data Retention, as legislated for in Ireland and mandated by the Data Retention Directive is unjustified mass surveillance. The government is deliberately recording information about innocent citizens without cause.
Legal background
The action challenges the law on data retention contained in the Irish Criminal Justice (Terrorist Offences) Act, 2005 and the European Data Retention Directive passed in 2006. The action has been commenced in the High Court by McGarr solicitors on behalf of DRI and names as defendants the Minister for Communications, Marine and Natural Resources, the Minister for Justice, Equality and Law Reform, the Garda Commissioner, Ireland and the Attorney General. DRI will ask the Irish courts to refer the Directive to the European Court of Justice for a decision on whether it is valid.
International Support
Digital Rights Ireland is the only group bringing a challenge to these laws, but it is supported by many international privacy and civil rights groups. Danny O’Brien of the Electronic Frontier Foundation said:
The EU Data Retention Directive is an excessive invasion of the privacy and security of all Europeans. Mandatory recording and retention of European citizens’ telephone calls by telephone companies and their online behaviour by Internet Service Providers creates a precedent for mass surveillance and is likely to chill freedom of expression on political and social issues that are at the very core of a well-functioning democracy. Digital Rights Ireland’s legal challenge to the directive will help protect not only the fundamental rights of citizens of Europe, but also those of other countries tempted along the same path.
Other organisations supporting the action include Privacy International, the European Foundation for a Free Information Infrastructure, the Czech civil rights group Iuridicum Remedium, Digital Rights (Denmark), the Belgian Liga voor de Mensenrechten (“League for Human Rights”), Electronic Frontier Finland, the UK Open Rights Group, the Italian group, ALCEI (“Electronic Frontiers Italy”), the French IRIS, the Internet Society – Bulgaria, German groups netzwerk Neue Medien (“network New Media”) and FITUG (Förderverein Informationstechnik und Gesellschaft e.V.), and the Austrian groups VIBE!AT (“Austrian Association for Internet Users”) and Quintessenz.
Click here to see how you can support the action also.
September 14th, 2006
Disclosure of your personal information can expose the most private details of your live and leave you vulnerable to identity theft. Unfortunately Irish law doesn’t require companies to tell you when their security has been compromised and your personal information stolen. The first you might know of it is when you discover that your fraudulent alter ego has enjoyed a spending spree on your credit card or run up huge debts in your name. But by then it’s too late.
We believe that this should be changed. Since 2003 California has had a law which requires companies to warn customers whose data has been compromised. This enables victims to take steps to protect themselves (such as cancelling credit cards), and has proven to be very successful. We believe that Irish customers deserve equal protection.
The EU Commission is now proposing something similar to the Californian law, though more limited. The proposal applies to “electronic communications services” (such as telephone or internet services) and would require providers to “notify their customers of any breach of security leading to the loss, modification or destruction of, or unauthorised access to, personal customer data.”
As the Commission dryly notes, this disclosure requirement would “create an incentive for providers to invest in security”. More importantly, it will set a precedent which will help to bring in a wider law requiring warnings in all areas, not just telecommunications.
To support this proposal you can send an email to the Commission, cc.d to our Department of Communications. Click here to send a prepared email of support – you need only fill in your name and [optional] address. (Your email may be published on the Europa website unless confidentiality is requested. Where confidentiality is requested, neither the name of the contributor nor the contribution will be published.)
Full details of the proposal (See p.29 of a long PDF file.)
September 13th, 2006
Yesterday’s Irish Times contained an editorial (subscription required) discussing data retention and supporting our case. We’ve taken the liberty of reproducing it here:
Data retention needs fine balance
How closely should a State monitor its citizens? Should it track every letter you send and receive? Should it fit you with a transmitter, broadcasting your location throughout the day? Should the library inform it of the books and magazines you read, and shops pass along details of items you browse and buy? If you contact the Samaritans, an Aids hotline, an alcoholism treatment programme, should the Garda and State be informed?
Most people would answer ‘No’. Ongoing, unwarranted surveillance of our daily activities is contrary to the very notion of living in a free and open democracy. Yet Ireland has in place a data retention law that permits the electronic equivalent of such surveillance, with plans to introduce an expansion on what can be gathered, held and examined, even for the most trivial misdemeanour.
At the moment, details – but not the content – of every phone, mobile and fax call is stored for three years. This information includes a daily record of the physical location of mobile phone users and data on every number called. The Minister for Justice promised that Garda access to call data would be tightly controlled but access restrictions were never imposed, a situation repeatedly criticised by Data Protection Commissioner Billy Hawkes. And an incoming – and controversial – EU directive will require the storage of similar information relating to e-mails sent and received, and web pages viewed.
Perhaps because such legislation deals with electronic data, and the surveillance happens unseen in the background, it has not provoked significant public debate. But electronic monitoring is potentially far more invasive than the “real world” equivalents noted above, as it carries greater possibilities for abuse and misuse, ranging from blackmail to faulty “profiling” to identity theft. Such large-scale surveillance reverses many tenets of democratic society.
It is legitimate, of course, that law-enforcement agencies should have access to some call data. Such information has helped in several high-profile prosecutions, including the Omagh bombing case. But access must be proportional to the threat posed. In particular, there should be clear evidence of a need to move beyond the six months of storage for these data already mandated for billing purposes. Neither the Government nor Garda has come up with a case in which they needed call data from earlier than this six-month framework.
Privacy watchdog Digital Rights Ireland has launched a legal challenge on constitutional and human rights grounds in an attempt to halt the gathering and long-term storage of such data. The case is likely to make its way to the Supreme Court, and from there to the EU courts, as a challenge to the EU directive. Given the breadth of the Irish data retention regime, surpassing that of most other democracies, it is appropriate that it should be tested in this manner. It is important also that the issues involved be subject to proper, if belated, public debate.
August 8th, 2006
Next Posts
Previous Posts