In defence of online anonymity

Earlier this week Declan Kiberd decried “masked and anonymous ranters who use the media to vent,” praising instead those “honest people who write letters to the editor” and supply their name and address. In another recent article Jim Glennon wrote that anonymity “facilitates bitterness, vitriol and, at times, sheer poison” making the internet “a playground for cranks” who are invulnerable “to identification or retaliation”.

These comments don’t recognise any positive aspects to anonymous speech. But the last point from Jim Glennon inadvertently illustrates why many people are concerned that the things they say online might be connected to their offline identities. Retaliation is a real risk – the case law is full of examples of retaliation for such things as expressing unpopular views, blowing the whistle on wrongdoing or speaking out in favour of a union.

This point can sometimes be overlooked by those who are in a position of power. Professor Kiberd, for example, enjoys by virtue of the Universities Act the academic freedom “to question and test received wisdom, to put forward new ideas and to state controversial or unpopular opinions” without fear of being penalised by his employer. Others, however, may not be so fortunate.

Even leaving aside fears of retaliation, there are many reasons why anonymous speech can be a good thing. While anonymity can sometimes be used to tell lies, very often it instead promotes honesty. Irish society can place a premium on keeping up appearances and putting on a brave face, in a way that makes it difficult to admit to weakness. Visit discussion forums, however, and we often find that anonymity enables users to be more honest about difficult subjects such as their relationships, their finances or their health.

Anonymity can also mean an improvement in the quality of debate. As Mr. Glennon notes, we should “analyse the arguments being advanced, and not those by whom they are being advanced”. As human beings we are naturally keen to know who is speaking, to put a face to an opinion. But the anonymity of internet discussion enables us to judge arguments on their merits, leaving our prejudices behind.

Indeed, while there is an understandable tendency to be fearful of modern technology none of these points are new to the internet. It should not be forgotten that many great works of literature have been produced anonymously or under assumed names. One of the giants of Irish writing, Jonathan Swift, published all his satirical works either anonymously or under a pseudonym.

None of this is to say that online anonymity should be absolute. In criminal cases – such as the recent attack on the CAO website – the law allows for user identities to be revealed to Gardaí as part of an investigation. Apart from criminal cases, however, anonymity should be taken away only in very narrow circumstances. In an important decision in 2005 the High Court ruled that internet users enjoyed a right to “confidentiality of identity” and held that this right should not be set aside by a court unless there is “very clear proof of wrongdoing”.

In general, this ruling strikes a reasonable balance between the privacy rights of users and the rights of parties who claim that they have been the victims of wrongdoing. It also allows a court to refuse identification where it is sought for some ulterior motive.

For example, in a 2006 case Ryanair applied to the High Court to identify anonymous Ryanair pilots who posted comments on a union website. Ryanair claimed that they needed the identities to protect other staff from intimidation and threats – the High Court, however, found that there was no evidence of intimidation or threats and the real purpose behind the action was to “break the resolve” of the pilots seeking better conditions of employment. Consequently the court refused to order disclosure of the pilots’ identities.

This approach is far from perfect, however. Although in theory wrongful applications to identify can be challenged, in practice this seldom happens. The only reason that the High Court was able to consider the merits of Ryanair’s case was because the union behind the pilots’ website was able to stand up for the rights of its members. If Ryanair had tried to identify the pilots using some other method – suing their internet service provider (ISP), for example – then it is likely that the application to identify would have gone unopposed and the pilots been improperly unmasked.

Unlike other jurisdictions such as the United States, Irish law fails to ensure that users are notified of attempts to identify them and given an opportunity to oppose the application. Consequently in most cases Irish users are dependent on their ISP to make a case on their behalf. ISPs, however, have no commercial incentive to do so.

As a result, although the law is supposed to balance the rights of the parties before ordering identification, the court will generally hear only the plaintiff’s version of events. If Irish law is to fully protect anonymous speech online then it will be important to ensure that users have a right to be heard before their identity is revealed – notification afterwards is too little, too late.

TJ McIntyre is chairman of Digital Rights Ireland, solicitor and lecturer in law in UCD

The Irish mobile operator O2 has acknowledged accidentally blocking the
image hosting website IMGUR through its system for blocking alleged child
abuse material. There appears to have been no indication that there was, in
fact, any illegal material hosted on that site. Furthermore, it is not
obvious on what basis O2 could have made the decision to undertake the
blocking.

In a statement provided to the Irish hotline, which was not published but
simply made available to people who enquired about the problem, O2 explained
that “the technology behind the service (to block child abuse images) is
more far reaching than anticipated and on occasion a site which should not
be blocked may be.” It is impossible to tell how many other innocent, but
smaller and therefore less noticeable, websites are similarly blocked by
accident, due to this “far reaching technology.”

O2 undertakes its blocking system on a voluntary basis, despite the fact
that, according to the European Commission, “such measures must indeed be
subject to law, or they are illegal”(according to the Commission’s impact
assessment on the draft Directive on child exploitation). Nonetheless, the
European Commission is also now supporting such extra-judicial measures and
it is now also proposing to use taxpayers’ money to fund them.

A six million euro call for proposals launched in June 2010 refers to
funding for “blocking access to child pornography OR blocking the access to
illegal Internet content through public-private cooperation”. This call, by
the Commission, for “self-regulatory” blocking of allegedly illegal content
in general was made just a few weeks after Commissioner Malmström explained
at a conference that “the Commission has absolutely no plans to propose
blocking of other types of content – and I would personally very strongly
oppose any such idea”.

It is likely that further deliberate and accidental blocking of websites
will now spread in Ireland, due to the fact that the Irish former monopoly
Eircom agreed to block sites accused of containing unauthorised material,
while mobile operator Vodafone has reportedly also indicated that it will
introduce extra-judicial measures against any of its customers repeatedly
accused of infringements.

Many blogs and online message boards accused the Irish Internet hotline of
having prepared a faulty blocking list and this was what led to IMGUR being
blocked. As the Irish internet hotline does not prepare a blocking list, but
simply acts in its capacity as a hotline, these allegations were incorrect.

Background links:

Commission impact assessment – Accompanying document to the Proposal for a
Council Framework Decision on combating the sexual abuse, sexual
exploitation of children and child pornography, repealing Framework Decision
2004/68/JHA – Impact assessment {COM(2009) 135} {SEC(2009) 356 (25.03.2010)

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52009SC0355:EN:NOT

Irish Internet hotline

http://www.hotline.ie

Vodafone in line to join file-sharing clampdown (16.06.2010)

http://www.irishtimes.com/newspaper/ireland/2010/0616/1224272615990.html

European Commission call for proposals: “Prevention of and fight against
crime”

http://ec.europa.eu/justice_home/funding/isec/doc/tc2_call_2010_en.pdf

Commissioner Malmström speech: “Combating sexual abuse, sexual exploitation
of children and child pornography: the Commission’s proposed Directive”
(6.05.2010)

http://ec.europa.eu/commission_2010-2014/malmstrom/archive/Speech%20%20Malmstrom%20-%20Combating%20sexual%20abuse%2006_05_2010.pdf

[By Joe McNamee - EDRi]

Senator Paschal Donohoe: I thank the Minister for taking this Adjournment matter. It relates to Government thinking on dealing with the issue of illegal file sharing across the Internet. There was some publicity about that in recent weeks in regard to a freedom of information request to the Government through an organisation called Digital Rights Ireland. It was looking to establish Government policy on how it would work with Internet service providers in Ireland to stop files being shared illegally across the Internet.

In raising this issue on the Adjournment I seek to do three things, the first of which is to establish Government policy and thinking on the area because until now I have been unable to get a read on the most recent thinking in terms of the way this area will be dealt with. How we respond to this is becoming increasingly important because there have been a number of High Court rulings in this area to which the Government will have to respond and deliver a policy that will deal with this area.

Second, I have an interest in Irish companies that work on the Internet. These are legitimate large Irish companies that would work in digital media, digital gaming, digital art, animation and so on which depend on the Internet to deliver a legitimate business that is a symbol of the smart economy we are all committed to delivering. Some of those companies have flagged a number of issues in terms of where they see Government policy going that could seriously affect their ability to operate successfully out of Ireland.

Two points have been made to me, the first of which is the need to recognise and emphasise that not all file sharing across the Internet is illegal. Much of the file sharing is important for digital games, on-line enterprises and marketing activity to work. It is completely legal and the kind of enterprise and activity our country is trying to promote as being a hub for Europe and the world.

The second point is a more technical one that I am trying to understand further but it is worth putting on the record. It appears that many of the protocols and technologies that would be involved in illegal file sharing are also the ones used to run legal file sharing and the approach the Government might decide to take may be unable to recognise the difference.

That leads me to the third point I want to make. As this issue was raised with me and I talked to some experts in the area, the message I got back from large employers here, who are strategic to what we are looking to do with our smart economy is that a policy that did not consult them could threaten the jobs and expertise we are building up in areas like cloud computing, digital media and attracting companies like Facebook, which has its European headquarters in Dublin, Google, Bling and so on which depend on many of these technologies for their business and operations in Ireland.

This issue is now being dealt with across Europe and the world and it is being treated much more seriously than was the case in the past. While I am presenting this as a threat to our country because inevitably we respond to bad news we hear and raise them in these Houses, the important flip side is that as other countries make a decision about the way they will respond to this issue, there is the possibility they will use a blunt instrument to deal with it.

I urge the Minister, the Department of Justice, Equality and Law Reform and the Department of Communications, Energy and the Marine to consult broadly with the businesses and stakeholders in Ireland to ensure we come up with a policy that deals comprehensively and seriously with the issue of illegal file sharing, which includes everything from the sharing of songs illegally to child pornography, which is a very serious issue, but in a way that recognises that a great deal of commercial activity we are trying to attract uses the same technology. We have already had much success in that regard.

If we were to do engage in a consultation process, we could formulate a policy that might be more nuanced and effective than those of many other competitive countries which are looking to get the same technologies. That would add to our ability to grow these industries domestically through indigenous talent and would also be another string in our bow in terms of attracting such companies to our country, which we all want. Our country has had a great deal of success in this area up to now.

I realise the Minister of State will reply on behalf of another Department. I understand the reason for that but this is a serious issue and if we all engage in it, it might ward off danger and present an opportunity to us as well. I look forward to the Minister of State’s response and hope to have an opportunity to pursue this issue in the Seanad.

Minister of State at the Departments of Health and Children, Education and Skills, Enterprise, Trade and Innovation and Justice and Law Reform (Deputy John Moloney): I thank Senator Paschal Donohoe for raising this important matter on the Adjournment. I want to advise Senator Donohoe that the Office for Internet Safety, OIS, is an executive office within the Department of Justice, Equality and Law Reform, which the Senator has acknowledged, and has responsibility for promoting Internet safety, with a particular focus on combating child abuse imagery, more commonly known as child pornography. The office is advised by an Internet Safety Advisory Council comprised of key stakeholders in the statutory, industry and community sectors.

The Internet is a worldwide phenomenon with no borders and no single organisation controlling it. Efforts to combat illegal and harmful materials and activities on it can be hampered by the multiplicity of jurisdictions, differing legal systems and societal norms. Tackling Internet downside issues is a complex business and continues to set new challenges and commitments for all those charged with protecting against the downside of the Internet.

In a number of EU member states — the United Kingdom, Denmark, Finland, Norway, Sweden and the Netherlands — a system of Internet blocking-filtering has been introduced on a voluntary basis whereby a so-called blocklist of sites containing illegal child pornography is made available by the police or other competent authorities and is utilised by individual Internet service providers to prevent access to such content. Germany and France have introduced or are considering the introduction of legislation requiring ISPs to block access to websites containing child pornography.

It is generally acknowledged that all such Internet blocking or filtering systems are not foolproof and can be circumvented in certain circumstances. However, such filtering systems are understood to be useful in preventing Internet users from inadvertently encountering such illegal content. All mobile phone operators in Ireland, under a voluntary agreement brokered by the European Commission with GSM Alliance Europe, an association which represents European mobile phone operators, implement a form of filtering on their mobile Internet services which prevents access to websites identified as containing illegal child pornography. There is an existing self-regulatory framework for Internet service providers in operation in Ireland that actively encourages the adoption of best practice procedures aimed at limiting the proliferation of illegal child pornography content on-line. Members of the public may report such material to the Internet Service Providers Association of Ireland www.hotline.ie service. If the material is hosted here and deemed to be illegal and in contravention of Irish law, ISPAI members are obliged to remove such material. If the material is hosted in another jurisdiction, it is notified to the Internet hotline in that jurisdiction and the relevant law enforcement agencies for follow-up, with the aim of having illegal content taken down.

So far as the Department of Justice, Equality and Law Reform is aware, standard Internet service providers in Ireland do not implement any blocking or filtering system in respect of child pornography. The Office of Internet Safety, because of its stated role in the promotion of Internet safety and, in particular, combating child pornography, has a role in examining such issues with advice from the Internet Safety Advisory Council. In undertaking research to develop policy advice in this area the Office of Internet Safety has had discussions with a variety of relevant interests on issues pertinent to the consideration of the possibility or feasibility of introducing Internet filtering in Ireland, specifically in respect of illegal child pornography content. These ongoing discussions were referred to in recent press reports. However, no decisions have been arrived at on the issue of Internet filtering or blocking at national level. Any proposals for the introduction of such a system would, at the very least, need to be submitted to the Government for consideration. The introduction of any such system, particularly if it is mandatory, might require primary legislation. Notwithstanding this, a draft proposal for a directive on combating the sexual abuse and sexual exploitation of children and child pornography has been published recently by the European Commission which could potentially require member states to implement some form of blocking system for websites containing child pornography. This proposal will be discussed in the European Parliament and at the Council of Ministers. Ireland’s participation in the adoption and implementation of this measure will be subject to Government and Oireachtas approval.

Senator Paschal Donohoe: Everyone is supportive of any measure that can be taken to deal with the evil of child pornography and its distribution on the Internet. The consequences of a course of action that could be taken may be more far-reaching and profound than is understood. The response of the Minister of State concerns the discussions taking place — referred to in the first part of my submission — but does not take account of the second part — the effect such a measure could have on interests in Ireland. There are options to deal with the dissemination of child pornography and violent material on the Internet that would have a more benign effect on elements we are legitimately trying to attract to the country. That the Department of Communications, Energy and Natural Resources is not mentioned in the response is telling. That Department is at the forefront in attracting legitimate businesses to the country.

I again thank the Cathaoirleach for giving me the opportunity to raise this matter.

Pulling the plug is not the answer

Earlier this week Eircom announced that it has started “the phased disconnection of file-sharers” on its network – colloquially known as a “three strikes” policy.

The key players in this procedure are Eircom, the Irish Recorded Music Association (IRMA) and technology firm Dtecnet. Under the procedure IRMA will provide Eircom with the IP addresses of machines that Dtecnet claims to have found to be infringing the copyright of its members. This will then trigger a disconnection procedure by Eircom starting with a letter, moving on to temporary suspension of an account, and ending with the disconnection of the account for up to a year.

In Ireland, one must generally have engaged in some form of wrongdoing in order to be punished. It is clear that the disconnection of one’s internet access is quite a severe punishment in today’s digital society.

But one problem with the approach adopted by Eircom is that the wrongdoer and the person who is disconnected may not be the same person.

The evidence used to identify alleged filesharers is unreliable.

Recent studies in the US have shown that copyright holders often act on flimsy evidence – in one case, accusing three laser printers of illegal filesharing. Similarly there is substantial evidence of UK users being wrongfully targeted. This may in part be due to deliberate tactics to sow confusion.

For example, the operators of filesharing site ThePirateBay have confirmed that they insert random IP addresses into the information they provide as to who is sharing what file.

But whatever the reason it is likely that innocent Irish users will face wrongful accusations.

In addition, in the era of wireless technology it is very common for an internet connection to be shared by many members of a household. In fact, Eircom offers wireless routers as part of its broadband bundles. This means that cutting off internet access based on the actions of one user will have a detrimental effect on all the others using the same connection for education, entertainment or business purposes.

If a husband is accused of filesharing, should this have the effect of preventing his children from doing their homework, or his wife from working at home?

It is clear that in the household context, the alleged wrongdoer and the individuals punished are not the same and the impact can be wholly disproportionate.

There’s also a risk that users may be accused based on somebody else piggybacking on their wireless connection. In November 2009 it was revealed that Eircom had negligently supplied insecure wireless modems, affecting up to 250,000 users.

Consequently anyone within the signal range of these users can illegally share files without the account holder’s knowledge – and there is even an app for the iPhone to make this process easier.

Eircom state on their website that they will not disconnect business customers but the effects of these measures on a small business could be catastrophic where they have an ordinary household account (as many do).

Through no fault of their own, a small business might find their internet connectivity withdrawn because of the actions of another family member, a malicious neighbour or even because they happen to be unlucky enough to be assigned the same IP address as one ThePirateBay has randomly inserted into files sharing the latest U2 album. This is worrying in a situation where a person’s livelihood is at stake.

One criticism of the current approach is that it shifts the burden of preventing illegal file sharing onto the ISPs, driving up the cost of broadband for private users and businesses. While this is true, it in fact goes much further than that. This logic of this deal – particularly if it is extended to other ISPs – potentially places a burden onto small businesses such as hotels and coffee shops to police their users’ activity. This will come at a significant cost to these businesses who have limited resources in these hard times.

Quite apart from these criticisms, there are also significant problems of principle. Internet access is today a fundamental right and a necessity – especially as the government moves more public services online – but this system threatens to take away that right based on nothing more than a private agreement between IRMA and Eircom.

In other European countries proposals for similar laws have been the subject of public consultation and debated by national parliaments. Here, however, there has been no legislation and no Government or Oireachtas input of any sort. Indeed the full details of the deal between Eircom and IRMA have never been published. A recently passed European law requires that disconnection of internet users should be subject to “adequate procedural safeguards” and “effective judicial review” – this deal, however, doesn’t appear to provide for either.

Instead, it allows users to be disconnected with no right of appeal to any independent body.

In summary, the Eircom / IRMA deal and the “graduated response” procedure is a worrying development for Irish internet users – one which has been undemocratic in its adoption and is likely to be unreliable in its application.

TJ McIntyre is a Lecturer in the School of Law, UCD and chairman of Digital Rights Ireland

Dr. Richard Tynan is a Postdoctoral Research Fellow in the School of Computer Science and Informatics, UCD

Karlin Lillington has an excellent summary in today’s Irish Times, and here are some of the highlights:

Ireland is one of the countries accessing private information the most:

THE GARDA made more requests for phone-call traffic data in 2008 than police in Germany, which has 20 times the population of the Republic.

According to a leaked draft of a European Commission report, gardaí made more than 14,000 access requests for call data in 2008, a rate about 40 per cent higher than had been previously assumed by data privacy advocates, who had based an estimate of 10,000 on figures provided in the past by gardaí to the Office of the Data Protection Commissioner.

Older data is very seldom accessed:

According to the report, the vast majority of data requests across the EU – 85 per cent – are made when the data is less than seven months old, with the bulk of requests, 70 per cent, filed for data held for less than three months.

Statistics gathered from member states “support the conclusion that the relevance of data decreases significantly” with age, the report says.

The report found no concrete evidence from any state to support longer retention periods. “No objective elements were found that could support the choice of the retention period: neither the prevalence of certain forms of crime, the geography of the [member state], or (in-)efficiencies of a law enforcement organisation seem to support the choice,” it says.

The report shows there are very few requests within any state, including Ireland, for data after 12 months. Only 109 requests in aggregate from eight EU countries including Ireland were made in 2008 for mobile data held longer than 18 months. Only 39 total requests from the same eight countries were made for fixed-line call data stored longer than 18 months.

Fears of function creep have been borne out, and data retention is being used for matters such as filesharing cases:

It also notes that many member states have implemented the EU data retention directive by widening its scope and retaining data that was not retained in the past, often allowing it to be used for more purposes than outlined in the directive, such as for civil litigation on copyright in the UK. Such expansion is referred to as “mission creep” by privacy advocates.

Irish companies will be at a competitive disadvantage due to data retention:

The report says some respondents feel that in states with lengthy retention periods, private industry is at a competitive disadvantage because of the burden and costs that retention may impose directly or indirectly.

Several network operators said the need to invest in retention infrastructure had caused them to delay or abandon improvements to national networks.

Deutsche Telekom claimed it had spent €5.2 million on implementation of retention infrastructure and €3.7 million a year to facilitate about 13,000 call data requests and 6,500 internet data requests. Other operators said they had spent in excess of €4 million setting up systems for providing access to stored data.

As predicted, prepay SIM cards have made data retention measures ineffective and have led to Member States – including Ireland – attempting to ban their use:

In the Government’s response to a questionnaire on the State’s implementation of data retention, the Department of Justice noted it was considering ways to identify users of pre-paid SIM cards, an issue which was raised by several states.

In addition to these points, the full document is full of more damning details. For example, not one Member State provided any statistical information demonstrating that data retention was of use in any significant number of cases (p.7), while it’s clear from responses that the Directive – which was sold as a harmonisation measure – has completely failed to achieve this (p.8). Similarly, national data protection authorities have pointed out that they often lack proper powers to supervise data retention and that telecommunications companies often lack proper security over customer data (pp.9-10).

While the full judgment is 53 pages long, the gist is relatively simple.

Long story short: today’s decision has cleared the way for our challenge to proceed and to challenge the entire European legal basis for data retention.

(Following the wider European trend where Germany, Bulgaria and Romania have all found aspects of data retention to be unconstitutional.)

The longer version: Today’s decision dealt with three procedural issues which had to be cleared before we can argue the substance of the case: i.e. whether mass surveillance of this sort is compatible with constitutional guarantees of fundamental rights.

The first of these issues dealt with standing: could DRI (as a company, not a natural person) assert rights of privacy? And could it argue the rights of privacy of others? On this point the court held in our favour, accepting that DRI was a “sincere and serious litigant”, which raised these issues with bona fide interest and concern and ruling that it was appropriate for us to argue these points as this was a matter of “fundamental public importance”.

The second point dealt with an attempt by the State to stop the action in its tracks by seeking “security for costs” – i.e. requiring us to make a payment into court to cover the costs of the State should we lose the action. Because of the cost of High Court actions, requiring such a payment at the outset could effectively have prevented the case from being heard. Here the court rejected the State’s application, holding that:

the matters pleaded in this case do raise issues of significant public importance… Given the rapid advance of current technology it is of great importance to define the legitimate legal limits of modern surveillance techniques used by governments… without sufficient legal safeguards the potential for abuse and unwaranted invasion of privacy is obvious… That is not to say that this is the case here, but the potential is in my opinion so great that a greater scrutiny of the proposed legislation is certainly merited.”

Finally, the third point related to our application to refer this case to the European Court of Justice (“ECJ”). As data retention is now dealt with at a European level, it is important that we be able to challenge the European law in this area – something which can only be done before the ECJ in Luxembourg. Here the court again accepted our argument, holding that a reference to the ECJ was required and that it was appropriate that it be made at the current stage of the proceedings.

So what happens next? There will be some more legal argument next week about the precise questions which should be referred to the ECJ – after that, the case will be referred to the ECJ and will go into their system for a hearing in Luxembourg, which have implications for data retention across Europe.

The European Commission has proposed a directive requiring internet service providers (ISPs) to ban access to websites displaying child pornography. Unfortunately, this is the wrong action to take.

It won’t prevent access to the websites in question, and it will start a legislative ball rolling where industry lobby groups will begin to agitate for bans on access to all manner of websites.

The commission’s rationale is that many illegal websites are hosted outside the European Union.

Therefore, it has no power to prosecute the website owners or shut the sites down. The next best move, it reckons, is to compel ISPs across the EU to block access to such sites.

For the person trying to access such a site, a message will be displayed informing them that the URL is blocked.

Some argue that the new rules should go further; that ISPs should be required to keep a record of computer addresses that attempt to access these illegal sites and report them to the police.

There are a great many problems with adopting this approach. Most importantly, it won’t work. Technology used to block access to websites is, generally, old.

It is also quite easy to bypass for anyone who wishes to spend a few minutes online investigating how to do so.

Full text.

Sometimes, however, it can be informative to know what is being concealed. When answering FOI requests, departments prepare a schedule of records listing each document they hold by data and title.

Looking at this list (available here) it becomes clear that for some time now the Department of Justice has been proposing the introduction of internet blocking in Ireland – and has been doing this under the radar, without any public consultation or legislative approval. Indeed, it is clear from the list that the Department is not planning on introducing legislation but instead intends to introduce this new form of censorship without any legal basis, based on the now discredited Norwegian and Danish models.

(Item #39 is typical. While we don’t have the content, the description – “Copy detailed minutes of meeting between OIS [Office of Internet Safety] and An Garda Siochána 30/07/08 re proposed introduction of blocking technology – 4 pages” – is revealing. Item #48 shows that the discussions have gone as far as “operational procedures”.)

We’ll be writing more about this shortly – in the meantime, Karlin Lillington has a good piece in today’s Irish Times discussing the implications of these documents:

Putting up barriers to a free and open internet

The Government has been having high-level discussions on introducing internet blocking, writes KARLIN LILLINGTON

THE GOVERNMENT has had extensive private discussions on introducing internet blocking – barring access to websites or domains – according to material obtained under a Freedom of Information (FOI) request.

The approach is used by some internet service providers (ISPs) and mobile network operators to block access to child pornography. But increasingly, governments and law enforcement agencies are pushing for much broader use, ranging from blocking filesharing sites to trying to tackle cybercrime and terrorism.

Critics say internet blocking creates many problems with little real effect on illegal activity. For example, internet users and businesses have complained about the side-effects of domain blocking, where barring access to domains can shut down hundreds of personal and business websites as well as e-mail addresses associated with them.

The exact nature of the Government discussions cannot be determined as many of the requests for key documents were refused by the Department of Justice. However, the ongoing high level of discussion on the subject is indicated in the detailed description of each refused item in the list of materials returned by the department.

The FOI request, made by privacy advocate Digital Rights Ireland and seen by The Irish Times, contains eight pages of listed documents. One refused item details a June 2009 meeting between the department and Vodafone on the “introduction of internet filtering in Ireland”. Another is an e-mail from mobile operator 3 listing filter technologies it is using.

Another refused item details minutes of a meeting between the Office for Internet Safety and the Garda “re proposed introduction of blocking technology”. Discussions on the international use of blocking and on proposed European legislation were also refused.

Possible interest in the wider use of such technologies is indicated by a refused document in which an e-mail and note on blocking child pornography sites was forwarded to the official in the Department of Justice in charge of casino gaming regulation.

Proponents of internet blocking argue that it removes offensive and illegal material from the internet and can make it more difficult for child pornographers and their customers to operate.

But critics say it is a blunt instrument that does little to combat pornography or other activities, while causing headaches for networks and ISPs. It can also cause inconvenience and costly disruptions to service for innocent companies and individuals if their websites, internet access and e-mail get cut off.

Paul Durrant of the Internet Service Providers’ Association of Ireland says blocking brings cost burdens for service providers and is not particularly effective. He also says it often means many legitimate websites are barred.

Often, website operators are not informed that their site is on a blacklist and may be unaware that millions are denied access to it.

ISPs also object to taking on the role of policing illegal filesharing. Internationally, ISPs claim they are under increasing pressure from copyright holders and law enforcement agencies to bring in blocking software to do this. “It gets very difficult to judge what is illegal and this kind of blocking would be problematic to implement,” says Durrant. “The Government really needs to put clear laws in place if it wants to do this.”

Durrant adds that blocking “stifles a free and open internet” – a concern for national and international “smart-economy” businesses – and could affect inward investment and the ability of Irish businesses to operate effectively.

Existing evidence indicates that blocking is a clumsy approach and amounts to censorship, says TJ McIntyre, a barrister, UCD law lecturer and chairman of Digital Rights Ireland. He is concerned about the indications from his FOI request that blocking could be brought in on a national level.

McIntyre has written a paper arguing that increasing pressure on network providers and ISPs to act as third-party “gatekeepers”, often in a “voluntary” fashion, allows for unaccountable control of internet users and usage.

“Blocking involves censorship taken on no legal basis. There is no judge, no jury and no right to be heard if you are blocked,” says McIntyre. “The chances are it also will be used in unaccountable ways by unaccountable organisations.”

He adds: “If you want to stop people accessing certain material, the thing to do is to legislate for that.”

ANALYSIS: Data retention proposals about to become law here have been declared an invasion of privacy in Germany. Government please take note

IF THE Government fails to reconsider the terms of its Data Retention Bill, currently in its final stages before the Houses of the Oireachtas, it is likely to find that costly court challenges and a forced reworking of the legislation lie ahead.

The Retention of Data Bill 2009 seeks the overdue implementation of an EU directive on data retention (storage of call data for two years and internet-use data for one year, for everyone in the country, including children). It is the tail-end of a long process in which the right to privacy has been pitted against the needs of law enforcement to have access to records for criminal investigations.

Even as the Bill passed a Dáil vote that cements in its current provisions, there are signs that all is not well on the European front for national data retention legislation.

On Tuesday, in a significant finding, the German constitutional court threw out Germany’s existing data retention laws for a range of reasons, many of which have direct application to Ireland.

The German court echoed precisely the concerns expressed by many groups and individuals here about our own legislation – worries that were given a lone voice in the Dáil debate by Labour TD Seán Sherlock.

The German court found that enacting any data retention legislation requires a regard for what it termed the exceptional intensity of the interference with human rights that result from such measures. It therefore obligates the government to have clear and transparent measures in place to ensure data safety, data use, and adequate legal remedy available to citizens for misuse of personal data.

It said retention legislation must set a very high standard for safety of all data, and this cannot be balanced against a general burden of cost, whoever that may lie with. It underlined that access to data should only be allowed in cases targeting most serious crimes and terrorist offences. It argued that individuals must be notified after the fact that their information was accessed for an inquiry.

All of these issues have been highlighted as a concern in Ireland, where the Government has tried to downgrade the level of the crimes that our legislation applies to; does not outline a quality of service that must be met to protect data; does not cover the costs of managing and protecting data, but passes them on to the internet and telecoms sector; and does not give adequate legal remedy to citizens nor adequate oversight. Irish legislation would not meet the provisions laid out by the German court.

Privacy advocacy group Digital Rights Ireland has already brought a constitutional case against the Government in the High Court on the constitutionality of Irish legislation. This is widely expected to be referred to the European Court of Human Rights and prove a test case on the issue for the EU as a whole, where the German case will signal issues likely to prove troublesome for Irish and other EU nations’ retention laws.

Full text.