Irish Times Endorses Data Retention Case

Yesterday’s Irish Times contained an editorial (subscription required) discussing data retention and supporting our case. We’ve taken the liberty of reproducing it here:

Data retention needs fine balance

How closely should a State monitor its citizens? Should it track every letter you send and receive? Should it fit you with a transmitter, broadcasting your location throughout the day? Should the library inform it of the books and magazines you read, and shops pass along details of items you browse and buy? If you contact the Samaritans, an Aids hotline, an alcoholism treatment programme, should the Garda and State be informed?

Most people would answer ‘No’. Ongoing, unwarranted surveillance of our daily activities is contrary to the very notion of living in a free and open democracy. Yet Ireland has in place a data retention law that permits the electronic equivalent of such surveillance, with plans to introduce an expansion on what can be gathered, held and examined, even for the most trivial misdemeanour.

At the moment, details – but not the content – of every phone, mobile and fax call is stored for three years. This information includes a daily record of the physical location of mobile phone users and data on every number called. The Minister for Justice promised that Garda access to call data would be tightly controlled but access restrictions were never imposed, a situation repeatedly criticised by Data Protection Commissioner Billy Hawkes. And an incoming – and controversial – EU directive will require the storage of similar information relating to e-mails sent and received, and web pages viewed.

Perhaps because such legislation deals with electronic data, and the surveillance happens unseen in the background, it has not provoked significant public debate. But electronic monitoring is potentially far more invasive than the “real world” equivalents noted above, as it carries greater possibilities for abuse and misuse, ranging from blackmail to faulty “profiling” to identity theft. Such large-scale surveillance reverses many tenets of democratic society.

It is legitimate, of course, that law-enforcement agencies should have access to some call data. Such information has helped in several high-profile prosecutions, including the Omagh bombing case. But access must be proportional to the threat posed. In particular, there should be clear evidence of a need to move beyond the six months of storage for these data already mandated for billing purposes. Neither the Government nor Garda has come up with a case in which they needed call data from earlier than this six-month framework.

Privacy watchdog Digital Rights Ireland has launched a legal challenge on constitutional and human rights grounds in an attempt to halt the gathering and long-term storage of such data. The case is likely to make its way to the Supreme Court, and from there to the EU courts, as a challenge to the EU directive. Given the breadth of the Irish data retention regime, surpassing that of most other democracies, it is appropriate that it should be tested in this manner. It is important also that the issues involved be subject to proper, if belated, public debate.