Extending Irish interception of communications to the Internet

About Cookies

Earlier this week the Department of Justice published a long awaited policy document on amending Irish law relating to interception of communications. In a welcome break with tradition the Department has been more willing to engage with outsiders and in a meeting today with the IHREC, ICCL and ourselves the Department elaborated on its plans and sought feedback.

The proposals are still not fully fleshed out, but in short the Department plans to take the existing regime for interception of traditional telephony – voice calls and text messages primarily – and to extend it to the internet. The result would be to allow interception of “over the top” services (such as webmail or Twitter direct messages) on the basis of the signature of the Minister for Justice. No judicial authorisation would be required and the overall authorisation, oversight and complaint mechanisms would be essentially untouched. There would be some provisions requiring providers to strip encryption from messages in some cases, but these are still at a very preliminary stage.

We will publish more detailed analysis later, but the key point is that the proposals aim to extend a deeply flawed system without addressing the fundamental problems which make the existing system in breach of international fundamental rights standards. In our discussion we highlighted the following issues:

  • Surveillance based on political authorisation (rather than a judicial warrant) is undesirable, inconsistent with caselaw such as Digital Rights Ireland and unnecessary. Irish law already provides for bugging of buildings and cars to be carried out on the basis of a judge’s decision – there is no reason why reading webmail should be different.
  • International human rights standards require that particularly sensitive communications – particularly between journalists/source and lawyer/client – should receive special protection. Irish interception law fails to do this at the moment and would not do so under these proposals.
  • The oversight mechanism is ineffective – the existing “designated judge” mechanism is a part-time job of a busy High Court judge with no technical expertise or staff, is completely lacking in transparency and has failed to pick up on multiple issues with the data retention system. This would remain as is.
  • International human rights standards require some form of notification after surveillance where this is possible without jeopardising investigations or compromising national security. This is common in jurisdictions such as Canada, Belgium and Germany. Irish law already recognises this in the case of physical bugs – but there is no provision for notification in the case of interception and this will continue if these proposals are implemented.
  • The existing system has almost no controls on downstream use of intercepted communications – i.e. whether intercepted material is assessed for relevance and deleted if irrelevant or intercepted by mistake, how intercepted material is shared with other state agencies or other countries, when intercepted material must be deleted, and so on. Again, this would not be addressed.
  • Under current law there is no oversight of access to stored communications – such as webmail history – and the proposals appear to leave this unchanged.

The Department of Justice has acknowledged a need to look at these overall issues, and had said that it will refer the area to the Law Reform Commission – but any LRC report would come only after these proposals have been implemented. We think that this is putting the cart before the horse. Reform of the entire system for interception of communications is urgently needed, and the system should not be extended any further until these points are addressed.

Image Credit: Matthew Pearce