Sometimes, however, it can be informative to know what is being concealed. When answering FOI requests, departments prepare a schedule of records listing each document they hold by data and title.

Looking at this list (available here) it becomes clear that for some time now the Department of Justice has been proposing the introduction of internet blocking in Ireland – and has been doing this under the radar, without any public consultation or legislative approval. Indeed, it is clear from the list that the Department is not planning on introducing legislation but instead intends to introduce this new form of censorship without any legal basis, based on the now discredited Norwegian and Danish models.

(Item #39 is typical. While we don’t have the content, the description – “Copy detailed minutes of meeting between OIS [Office of Internet Safety] and An Garda Siochána 30/07/08 re proposed introduction of blocking technology – 4 pages” – is revealing. Item #48 shows that the discussions have gone as far as “operational procedures”.)

We’ll be writing more about this shortly – in the meantime, Karlin Lillington has a good piece in today’s Irish Times discussing the implications of these documents:

Putting up barriers to a free and open internet

The Government has been having high-level discussions on introducing internet blocking, writes KARLIN LILLINGTON

THE GOVERNMENT has had extensive private discussions on introducing internet blocking – barring access to websites or domains – according to material obtained under a Freedom of Information (FOI) request.

The approach is used by some internet service providers (ISPs) and mobile network operators to block access to child pornography. But increasingly, governments and law enforcement agencies are pushing for much broader use, ranging from blocking filesharing sites to trying to tackle cybercrime and terrorism.

Critics say internet blocking creates many problems with little real effect on illegal activity. For example, internet users and businesses have complained about the side-effects of domain blocking, where barring access to domains can shut down hundreds of personal and business websites as well as e-mail addresses associated with them.

The exact nature of the Government discussions cannot be determined as many of the requests for key documents were refused by the Department of Justice. However, the ongoing high level of discussion on the subject is indicated in the detailed description of each refused item in the list of materials returned by the department.

The FOI request, made by privacy advocate Digital Rights Ireland and seen by The Irish Times, contains eight pages of listed documents. One refused item details a June 2009 meeting between the department and Vodafone on the “introduction of internet filtering in Ireland”. Another is an e-mail from mobile operator 3 listing filter technologies it is using.

Another refused item details minutes of a meeting between the Office for Internet Safety and the Garda “re proposed introduction of blocking technology”. Discussions on the international use of blocking and on proposed European legislation were also refused.

Possible interest in the wider use of such technologies is indicated by a refused document in which an e-mail and note on blocking child pornography sites was forwarded to the official in the Department of Justice in charge of casino gaming regulation.

Proponents of internet blocking argue that it removes offensive and illegal material from the internet and can make it more difficult for child pornographers and their customers to operate.

But critics say it is a blunt instrument that does little to combat pornography or other activities, while causing headaches for networks and ISPs. It can also cause inconvenience and costly disruptions to service for innocent companies and individuals if their websites, internet access and e-mail get cut off.

Paul Durrant of the Internet Service Providers’ Association of Ireland says blocking brings cost burdens for service providers and is not particularly effective. He also says it often means many legitimate websites are barred.

Often, website operators are not informed that their site is on a blacklist and may be unaware that millions are denied access to it.

ISPs also object to taking on the role of policing illegal filesharing. Internationally, ISPs claim they are under increasing pressure from copyright holders and law enforcement agencies to bring in blocking software to do this. “It gets very difficult to judge what is illegal and this kind of blocking would be problematic to implement,” says Durrant. “The Government really needs to put clear laws in place if it wants to do this.”

Durrant adds that blocking “stifles a free and open internet” – a concern for national and international “smart-economy” businesses – and could affect inward investment and the ability of Irish businesses to operate effectively.

Existing evidence indicates that blocking is a clumsy approach and amounts to censorship, says TJ McIntyre, a barrister, UCD law lecturer and chairman of Digital Rights Ireland. He is concerned about the indications from his FOI request that blocking could be brought in on a national level.

McIntyre has written a paper arguing that increasing pressure on network providers and ISPs to act as third-party “gatekeepers”, often in a “voluntary” fashion, allows for unaccountable control of internet users and usage.

“Blocking involves censorship taken on no legal basis. There is no judge, no jury and no right to be heard if you are blocked,” says McIntyre. “The chances are it also will be used in unaccountable ways by unaccountable organisations.”

He adds: “If you want to stop people accessing certain material, the thing to do is to legislate for that.”

Unbelievable. That is the only word to describe the loophole that the new Retention of Data bill has created.

For those who missed it, the bill seeks to compel telephone and internet operators to retain details of emails, text messages and phone calls for up to two years. This is to help fight crime. But what are the most popular e-mail services for Irish users?

That’s right: Hotmail, Yahoo Mail and Gmail. Will any of these e-mail services be covered by the bill? Nope. Will messages or instant chat on Facebook, Bebo and Twitter be covered under the bill? No again.

And it gets worse. The bill is supposed to track telephone calls to identify who called who at what time. But will it cover calls made on Skype, Blueface or any of the dozens of VOIP services that Irish people use in their thousands? Nope. Will it cover Skype calls made on mobile phones (like the iPhone or 3’s Inq phone)? No again.

The state’s view of criminals’ communications habits is quite clear. They use a contract mobile phone to make and receive calls and texts. They use a Microsoft Exchange e-mail account hosted with a recognised Irish internet service provider.

And they have an Eircom phone line, on which they organise gang meetings with key lieutenants.

I would really like to know who drafted this bill. What age are they? Have they ever heard of social networking sites? Have they ever heard of Skype? Or do they simply think that organised criminals are complete idiots who openly converse with each other on server-hosted Microsoft Exchange e-mail accounts?

More from yesterday’s Sunday Business Post: 1, 2, 3.

In essence, the Bill requires telecommunications companies, internet service providers, and the like, to retain data about communications (though not the content of the communications); phone and mobile traffic data have to be retained for 2 years; internet communications have to be retained for one year. This is better than it could have been, in that the Directive would have allowed 2 years for all traffic data; but it is a lot worse than the minimum of 6 months allowed by the Directive. This will impose significant costs on those obliged to retain and secure the data, and those costs will be passed on to their already hard-pressed customers. And it is likely to drive international telecommunications and internet companies to European states which have introduced far less demanding regimes.

Traffic data retention (like any example of pre-emptive and widespread surveillance) is simply a bad idea; it is a massive invasion of privacy; it is founded on the illiberal and anti-democratic suspicion that someone somewhere might be doing something; and it is not good enough to reply that if you have nothing to hide, you have nothing to fear from surveillance. As the prolific and challenging AC Grayling argues in his new book Liberty in the Age of Terror: A Defence of Civil Society and Enlightenment Values (Bloomsbury, 2009; reviewed by The Economist here), this pernicious assertion is “one of the most seductive betrayals of liberty” imaginable; it assumes that

the authorities will always be benign; will always reliably identify and interfere with genuinely bad people only; will never find themselves engaging in ‘mission creep’, with more and more uses to put their new powers and capabilities to; will not redefine crimes, nor redefine various behaviours or views now regarded as acceptable, to extend the range of things for which people can be placed under suspicion—and so considerably on.

The concerns might be met by strong protections coupled with meaningful oversight, but the Bill is worryingly bereft on this score. Although it imposes obligations to retain data, and to maintain it secure, and to prevent unauthorised access to data, it does not provide any redress to someone whose data is retained insecurely or accessed without authorisation; and the Data Protection Acts, 1988 (also here) and 2003 (also here) are inadequate to cope (for example, they would provide no criminal sanction for the News of the World’s recently-disclosed shenanigans). Worse than that, large-scale databases are peculiarly vulnerable to attack – an investigation by More4 News for Channel 4 reported last week (in a story that should give some pause to those planning a system to trace patients for Ireland) that more than 8,000 dangerous viruses have infected NHS computers in the last year, overloading networks, and massively compromising large amounts of personal data.

It is appropriate to restrict individual privacy provided that there is a good reason to do so, and the restrictions do not good too far. In the context of this Bill, the prevention of crime is a good reason, but the restrictions seem to go very far indeed, especially in the absence of proper protections and oversight. In S and Marper v UK 30562/04 [2008] ECHR 1581 (4 December 2008) one of the reasons given by the European Court of Human Rights for holding that the UK’s retention of innocent people’s DNA records on a criminal register infringed their right to privacy was the lack of sufficiently strong safeguards. I am a Director of Digital Rights Ireland; this is one aspect of our ongoing challenge to Ireland’s data retention regime; and this flawed Bill does nothing to alleviate these concerns.

(Cross-posted from Eoin O’Dell’s blog, cearta.ie)

Just so there’s no confusion we’re repeating the request here – if he genuinely has nothing to hide then surely he’ll be happy to provide us with details of his (taxpayer funded!) mobile phone bills for the last two years and we’ll be happy to put them online. A request has been sent to him by email and by voicemail to his constituency office asking if he will make that information available to us and if not why not. Any reply will be posted to this blog. Though perhaps you shouldn’t hold your breath.

Update (14.07.09): The chutzpah of FF TDs knows no bounds. According to today’s Independent, at a recent FF meeting backbenchers opposed being required to use a swipe card to track attendance:

The TDs also resented the idea of a swipe card that would keep track of their comings and goings at Leinster House and prevent claims for expenses from absent members…

TDs and senators believe that a pilot scheme for civil servants where their attendance and hours in work would be monitored by a swipe card system will be used to check up on them. And while most privately acknowledge that a few may abuse their expenses and allowance privileges, they resent the idea of a “Big Brother system of electronic supervision”.

In the last year alone, multiple cases have come to light: notably Bank of Ireland, which lost personal data on more than 30,000 life assurance customers; the Office of the Comptroller and Auditor General, which lost information on 380,000 social welfare recipients; and Airtricity which posted the financial details of 1,200 customers on its website for six weeks.

Why have Irish organisations been so slipshod with the information we have entrusted to them? One problem is that the bodies that hold the data suffer little direct damage if the data is lost – it is the individual, not the company, who suffers the harm. Consequently, there is little financial incentive for them to take adequate measures to protect our data.

This is compounded by a lack of transparency. Under Irish law, there is no express obligation for a company that has lost customer data to notify anyone – neither the customer nor the Data Protection Commissioner.

The result is that organisations try to cover up data breaches to save face. Consequently, if your details are leaked, it is entirely possible that the first you will know of it is when you discover that your fraudulent alter ego has enjoyed a spending spree on your credit card or run up huge debts in your name. By then, it’s too late.

Oops – Daithí (in comments) and Darius (by email) both correctly point out that the Bill was in fact published last week. Full text on the Oireachtas website.

What’s the difference between data retention and interception? While data retention focuses on traffic data – who called whom, when, where the mobile phone was, etc. – interception deals with attempts by the state or private parties to monitor the contents of communications – to listen in on telephone calls, read emails, and so on.

Interception is controlled to a limited extent by Irish law – under legislation from 1983 and a 1993 Act introduced after a scandal involving the Taoiseach and Minister for Justice illegally tapping journalists’ phones – but that law is now well out of date, and doesn’t meet the standards set out by European law in the 2002 e-Privacy Directive.

What’s wrong with the existing Irish law? There are two major limitations. First, it was introduced at a time when there were a limited number of players in the telecommunications market. As such, it applied initially to Telecom Éireann, and was extended to certain telecoms businesses operating under a licence or a general authorisation. It does not, however, apply to other businesses which don’t need an authorisation – which includes most online only businesses. Webmail, instant messaging or voice over IP, for example, would not be protected by the 1993 Act. Secondly, it applies only to messages which are “being transmitted” – something which appears to mean that e.g. the contents of a webmail inbox would not be protected.

As a result of these limitations, the protections of the 1983 and 1993 Acts – which make interception a criminal offence, require a warrant from the Minister for Justice before interception can be carried out by the police, and provide for judicial oversight – simply do not apply to a wide range of online communications. This lack of legislative control appears to be a relatively clear breach of the e-Privacy Directive, which requires states to “prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the users concerned, except when legally authorised to do so … [by] legislative measures [which are] necessary, appropriate and proportionate within a democratic society”.

In short, we think that Irish law doesn’t adequately protect the privacy of your online communications – and hopefully the European Commission will require the Government to introduce adequate protections. If you agree, you can support the complaint by contacting the Minister for Justice (Email: minister@justice.ie, Fax: 01 661-5461, Snail Mail: 94 St. Stephen’s Green, Dublin 2) and asking him to extend Irish interception law to adequately protect online communications and meet our European obligations. You can also email the Commission at InfsoB2@ec.europa.eu, referring to our complaint and indicating that you are also making a formal complaint that Irish law on the interception of communications is not in compliance with Art. 5 of the ePrivacy Directive.

(Update: 16.06.09 – The European Commission has now replied, indicating that it is now investigating this matter under reference 2009/4368, SG(2009) A/4871. You might include this reference if writing to support us.)

For those of you who can’t get enough legalese, the full text of our complaint is below:

Dear Mr. …

The purpose of this letter is to outline how Ireland has failed to implement Article 5 of Directive 2002/58/EC.

As you know, Article 5.1 provides that:

“Member States shall ensure the confidentiality of communications and the related traffic data by means of a public communications network and publicly available electronic communications services, through national legislation. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the users concerned, except when legally authorised to do so in accordance with Article 15(1). This paragraph shall not prevent technical storage which is necessary for the conveyance of a communication without prejudice to the principle of confidentiality.”

When implementing the Directive, it was the view of national authorities that Article 5.1 was already adequately provided for in Irish law by section 98 of the Postal and Telecommunications Services Act 1983 in combination with the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993. See the comments of the Department of Communications, Marine & Natural Resources in their Guidance Notes on the Transposition into Irish Law of EU Directive 2002/58/EC. (29 July 2003) Since transposition, Part 7 of the recent Criminal Justice (Terrorist Offences) Act 2005 has also become relevant.

Between them, these pieces of domestic legislation do partially cover the requirements of Article 5. However, the scope of this legislation is limited and there are several situations which appear to fall within Article 5 but which would not be covered by Irish law. Three points in particular stand out:

* Section 98 applies only to messages being transmitted by persons who hold a general authorisation. Messages transmitted by other persons are not protected. Thus, it would appear that email sent via a webmail service such as Gmail would not be covered; nor would calls on VOIP services such as Skype.

* Section 98 applies only to messages “in the course of transmission”. Again using the example of a webmail service, it would appear that the stored contents of a person’s inbox would not be in transmission and thus would not be covered (perhaps depending on whether they had been read by the recipient).

* The Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993 regulates police interceptions of telecommunications messages, but again only where those messages are being transmitted by persons who hold a general authorisation. Consequently, the safeguards created by that Act (including judicial oversight) do not apply to other police interceptions.

I propose to outline briefly the Irish legal framework and to consider in more detail the places where Irish law falls short of the requirements of Article 5.

Persons to whom Irish interception law applies

Irish law on interception of telecommunications messages is contained in section 98 of the Postal and Telecommunications Services Act 1983 which prohibits interception and disclosure of telecommunications messages. That section, as originally enacted, applied only to the interception of messages being transmitted by the then state monopoly, Telecom Éireann.

With the advent of deregulation, section 98 was extended to cover other licensed operators (the Postal and Telecommunications Services (Amendment) Act, 1999, section 7). Subsequently, with the introduction of a general authorisation framework, the provisions of section 98 were extended to any person operating under a general authorisation (Regulation 4(8) of the European Communities (Electronic Communications Networks and Services)(Authorisation) Regulations 2003).

However, this limitation of section 98 to messages being transmitted by persons operating under a general authorisation would appear to present a problem. There may be situations where telecommunications messages are being transmitted by means of a public communications network or through a publicly available telecommunications service, where that network or service is not being operated under a general authorisation. Webmail and VOIP services would appear to fall into this category. Accordingly, messages transmitted by such services do not appear to be protected against interception under Irish law.

In particular, there is no offence to address the situation where a private individual intercepts messages being transmitted by such a service, or where the proprietor of such a service improperly discloses such messages.

Restriction to messages in the course of transmission

Section 98(1) (as extended) provides:

“A person who-
(a) intercepts or attempts to intercept, or
(b) authorises, suffers or permits another person to intercept, or
(c) does anything that will enable him or another person to intercept,
telecommunications messages being transmitted by [a person deemed to be authorised under the Authorisation Regulations] or who discloses the existence, substance or purport of any such message which has been intercepted or uses for any purpose any information obtained from any such message shall be guilty of an offence.” (emphasis added and text changed to reflect extension of s.98 to other operators)

The reference to telecommunications messages being transmitted suggests that stored messages, such as voicemail messages, or a webmail inbox, would not be protected by section 98. (It might be said that such messages are “being transmitted” until the point at which they are initially accessed – however, once accessed it would seem more difficult to argue that they are still being transmitted.) This limitation appears to be incompatible with Art. 5 of Directive 2002/58/EC which applies to “communications” (as defined in Art. 2) generally. Indeed, Art. 5 would be significantly undermined if messages in storage were excluded.

Regulation of police interception of telecommunications messages

The Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993 sets out the Irish law on police interception of telecommunications. Under section 2, an authorisation to intercept the contents of communications can only be given by the Minister for Justice. Sections 4 and 5 set out conditions which must be satisfied before an authorisation can be granted. For example, section 4 provides (in respect of the investigation of crime) that:

“The conditions referred to in section 2 of this Act in relation to an interception for the purpose of criminal investigation are-

( a ) (i) that-

(I) investigations are being carried out by the Garda Síochána, or another public authority charged with the investigation of offences of the kind in question, concerning a serious offence or a suspected serious offence,

(II) investigations not involving interception have failed, or are likely to fail, to produce, or to produce sufficiently quickly, either or, as the case may be, both of the following, that is to say:

(A) information such as to show whether the offence has been committed or as to the facts relating to it,

(B) evidence for the purpose of criminal proceedings in relation to the offence,

and

(III) there is a reasonable prospect that the interception of postal packets sent to a particular postal address or of telecommunications messages sent to or from a particular telecommunications address would be of material assistance (by itself or in conjunction with other information or evidence) in providing information, or evidence, such as aforesaid,

or

(ii) that-

(I) in the case of a serious offence that is apprehended but has not been committed, investigations are being carried out, for the purpose of preventing the commission of the offence or of enabling it to be detected, if it is committed, by the Garda Síochána or another public authority charged with the prevention or investigation of offences of the kind in question,

(II) investigations not involving interception have failed, or are likely to fail, to produce, or to produce sufficiently quickly, information as to the perpetrators, the time, the place, and the other circumstances, of the offence that would enable the offence to be prevented or detected, as the case may be, and

(III) there is a reasonable prospect that the interception of postal packets sent to a particular postal address or of telecommunications messages sent to or from a particular telecommunications address would be of material assistance (by itself or in conjunction with other information) in preventing or detecting the offence, as the case may be,

and

(b) that the importance of obtaining the information or evidence concerned is, having regard to all the circumstances and notwithstanding the importance of preserving the privacy of postal packets and telecommunications messages, sufficient to justify the interception.”

This section provides important safeguards: interception is restricted to serious offences, investigation other than interception must be inadequate, interception is restricted to messages sent to or from a particular address, thus ruling out indiscriminate monitoring of traffic and “fishing expeditions”, and interception must, in the circumstances, be proportionate.

Section 8 of the Act then creates a judicial power of oversight over the interception system, while section 9 creates a complaints procedure for persons who allege that interceptions have been improperly carried out.

The 1993 Act is, however, limited to “interceptions” which would (if not authorised) amount to an offence under section 98. (See the definition of “interception” in section 1.) Consequently, the 1993 Act has no application to interceptions falling outside section 98. It follows that any interception by the police of, for example, emails transmitted by a webmail service will not be regulated by the provisions of section 98 and will escape regulation by Irish law – the section 98 safeguards, including proportionality, judicial oversight and the complaints procedure, will not be available.

This would appear to breach Article 15.1 of Directive 2002/58/EC. Article 15.1 specifies that any restriction by Member States of the rights and obligations provided for in Article 5 must be by way of “legislative measures” which are “necessary, appropriate and proportionate within a democratic society”. However, interception of emails in the circumstances I have outlined would appear not to be governed by any legislative measure, much less one which can be assessed as necessary, appropriate or proportionate. The unfettered discretion which this would appear to confer on the police would therefore appear to be incompatible with the Directive.

In summary, it appears that Irish law has not been properly updated to take account of the requirements of Article 5 of Directive 2002/58/EC, and I would respectfully ask that the Commission investigate whether Ireland has failed properly to implement this Directive.

Leave aside for a moment the nonsense of sending this letter to a business – Blacknight - which doesn’t in fact provide internet access. The key words are these:

Eircom has agreed that it will not oppose any application our client may make seeking the blocking of access from their network to the Pirate Bay or similar websites …

Please confirm that Blacknight will also work with the record industry to end the abuse of the internet by peer to peer infringers … in the event of a positive response to this letter it is proposed to make practical arrangements with Blacknight of a like nature to those made with eircom.

In short, as Adrian Weckler puts it:

Irma is drawing up a list of websites it doesn’t like and Eircom will block them to all of its customers. And Irma is demanding that other ISPs do likewise, on pain of being sued.

Eircom says that it will only block a website if a court order requests it to. But it has undertaken not to oppose any application to a court… Our judicial system is an adversarial one: it depends on someone opposing the action for a judge to come to a conclusion. If the opposing party enters no opposition, a basic standard of proof will be enough to satisfy the court.

The net effect of this scheme, if it is allowed to go into effect, will be to impose an internet death penalty on two groups. On users, who will be cut off on the allegation of a private body, with no court involvement, and on websites, which could be blocked to Irish users based on a court hearing where only one side is heard. Damien Mulley makes the point well as usual:

So first they’ll start with the Pirate Bay. Then comes Mininova, IsoHunt, then comes YouTube (they have dodgy stuff, right?), how long before we have Boards.ie because someone quoted a newspaper article or a section of a book? And don’t think they’ll stop there too, any site that links to The Pirate Bay and the others on the hate list will probably be added to the list too…

I’m sure the business case for eircom was they didn’t want any more costly High Court actions with McDowell biting at their legs on the command of the music industry but this is going to open up a can of worms with IRMA demanding more and more attacks on how people surf the net, this is what it is in my view an attack on our freedom to read, our freedom to write, our freedom to move around the web. All so a very rich but rapidly becoming poor group of luddites can feel better for seeing the future and trying to fight it.

And of course the costs of communications with IRMA and of the filtering is going to be passed on to the consumer. The cost of blocking a single site will be almost nothing I suppose but as more sites get added and as the arms race between the pirates and the ISPs escalates, then it’ll become complicated and complicated costs more. So again the majority get to pay…

So what can you do about this? The first step is the most urgent. The other ISPs are at this very moment considering what steps to take. Although some (such as Bitbuzz) have been vocal in their opposition, caving in is the path of least resistance unless you show that this is an issue which matters to you and which determines where you’ll take your business. Contact your ISP – mark your email for the attention of their regulatory department – and let them know what you think. Contact emails for most ISPs are on the ISPAI website. Do it now – the decision on what to do will be made soon.

The next thing to do is to get involved with a group which will fight this. We’re currently working on a few ideas and will let you know soon. But in the meantime you should go to Blackout Ireland who have been quick off the mark with a plan to black out the Irish internet for a week from March 5th. The Digital Rights forum on Boards.ie has also been abuzz with this issue, as has this thread on their Broadband forum.

Having done that, let the Minister for Communications – Eamon Ryan – know the damage that this is likely to cause. Don’t just rely on the civil rights arguments – business impact is more likely to get attention. Point out that if ISPs are forced to become the (unpaid!) copyright cops of the music industry, it will drive up their costs and set a dangerous precedent for other Irish internet businesses. Would you choose to establish an internet start up in Ireland if you thought you’d be made responsible for policing what your users do? Ask him to intervene to prevent irreparable damage to the Irish internet. Eamon Ryan’s email addresses are eamon.ryan@oireachtas.ie and minister@dcenr.gov.ie but a paper letter (Department of Communications, Energy and Natural Resources, 29-31 Adelaide Road, Dublin 2) or fax ((01) 678 2029 or 2039) are more likely to get attention. You can also ring the Minister’s office on (01) 678 9807 – if you do, be polite and succinct. If you’re a constituent of his (in Dublin South) be sure to mention that fact and that this issue will influence how you vote in the next election.

While it’s a pity to see the Directive upheld, the Government’s challenge was a very narrow one, dealing only with the essentially technical matter of the legal basis for the Directive. The Government didn’t raise and the ECJ wasn’t asked to decide on the fundamental rights issues. Indeed it expressly stated:

The Court notes at the outset that the action brought by Ireland relates solely to the choice of legal basis and not to any possible infringement by the directive of fundamental rights resulting from interference with the exercise of the right to privacy.

Consequently, the decision doesn’t affect the core of our challenge to the Directive, which will still go ahead on the basis that it infringes the rights to privacy and freedom of expression. At the moment we’re waiting on a decision from the High Court on our application to refer these issues to the ECJ – we’re confident that when these issues reach the ECJ that they will decide in our favour.

It’s undoubtedly a good thing that the idea of filtering has (at least for the time being) been dropped – and in case you’ve forgotten, here’s why it’s a bad idea. But this new three strikes system has the potential to be just as bad. Why?

It’s unreliable. The company which the Irish music industry used in previous cases to identify filesharers – MediaSentry – has a track record of false accusations and in fact was recently found to be operating illegally in several US states. As a result the music industry has now dumped MediaSentry and has turned to Danish firm Dtecnet – but the inherent unreliability of this process remains.

It’s secret. We normally expect rules to be made in public, to be accessible to citizens and to be applied publicly. In this case, though, the settlement is private to the parties and we don’t know how it will be implemented by Eircom. Do you expect the right to challenge evidence in court? Perhaps a right to appeal? Tough. On the face of it the music industry and Eircom will between them act as judge, jury and executioner.

It’s undemocratic. The European Parliament has already rejected a similar plan to disconnect individuals based on mere accusations. In other countries where three strikes has been discussed there has been public input via legislatures and public consultation. (And in the UK the democratic process led to three strikes being shelved.) Here, however, the music industry is trying to foist the system onto ISPs while sidelining the Oireachtas and the democratic process.

It’s disproportionate. Daithi makes this point well:

The present-day Internet includes communication (email), socialising (IM, social networking etc), media consumption (websites, blog, streaming, etc), media creation (ditto), access to Government services, online commerce, etc. Now imagine that the sanction for a, let’s face it, relatively minor crime (copyright infringement, while economically significant, is hardly manslaughter), includes no use of the postal services, highly limited access to shops, no permission to read a newspaper, reduced ability to use public services or get public information, and more. That’s no minor sanction. Indeed, most prisoners can get things like reading material and send and receive letters! Not to mention that a Net disconnection has an impact on family members and others.

It will affect innocent third parties. Internet connections are not generally unique to an individual. Instead they’re shared – amongst families, flatmates, etc. But this system will mean that others will suffer based on the alleged wrongdoing of another. As the Open Rights Group points out:

if Dad gets the connection cut off … suddenly Mum can’t run her business from home, and the kids can’t get access to the Web to do their homework.