“We could have secret prosecutions over secret interpretations of secret laws.” That’s how TJ McIntyre, of University College Dublin’s school of law and advocacy group Digital Rights Ireland, describes the potential impact of a piece of dormant legislation that Minister for Justice Frances Fitzgerald quietly signed into law two weeks ago. I disclosed the story in this newspaper on Saturday; see irishtimes.com/business/ technology/state-sanctions-phone-and- email-tapping-1.2027844.
Using the binding form of a statutory instrument, the Minister enacted the until-now-abandoned third part of the Criminal Justice (Mutual Assistance) Act 2008. This section governs the tapping by foreign governments of Irish phone calls and the interception of Irish emails. It also outlines how Ireland can request tapping in other countries for an Irish-based criminal investigation.
Many aspects of this piece of surveillance legislation – both context and content – are alarming. Some initial responses to the story, however, placed a misguided focus on the Act’s allowing any surveillance at all.
Communications surveillance is occasionally needed, as some international investigations require communications taps. In order to do them lawfully, security forces need agreements between governments.
A well-constructed agreement, with proper processes, transparency and oversight, supports privacy and human rights. Such agreements give recourse when correct procedures are not followed, as, for example, when Britain’s surveillance agency, General Communications Headquarters (GCHQ), listened in surreptitiously to communications data on the major cables linking Britain and Ireland.
That’s around the same time our Minister signed the statutory instrument. Perhaps the timing was coincidental. Or it may be that it was useful for the State to have another mutual legal assistance treaty (MLAT) in place, given its support of Microsoft’s case in a looming US trial, in which the company is challenging the right of a US state court to demand that it directly – without MLATs – hand over emails stored at a data centre in this country. A ruling for the US could jeopardise Ireland’s multinational business ecosystem. Thus the statutory instrument, on the face of it, might seem a timely response. But it actually raises more questions than it answers.
Why was the third section left alone when the rest of the Act was passed six years ago? The same arguments for lawful surveillance existed in 2008. Why was it, like other Irish surveillance legislation affecting Irish citizens and companies, enacted in a secretive way?
Why, after a year in which Snowden’s disclosures have shaken public, business and government trust in security agencies, was this not taken as an opportunity to have a sorely missing public and Dáil debate on such issues?
And if this legislation was indeed needed, what surveillance regime has been in place up until now? Why is the Government so spineless that it will not respond publicly, on behalf of its spied-upon citizens, to the Snowden revelations about the Irish cables, instead of using a statutory instrument?
Finally, I have seen Department of Justice discussion documents obtained under freedom-of-information requests that indicate the department has known for years that significant legal questions hang over the context in which two 1983 and 1993 criminal-law Acts are used as a basis for making interception demands on telecommunications companies generally. The Department of Justice cites both as the basis for the 2008 Act.
But all these are minor worries compared to an unprecedented section of the Act which now allows, for the first time in Ireland, the establishment of secret courts to prosecute firms that might object to the grounds or legality of an interception order, or refuse to comply. Think about that.
Secret courts were never mandated for the decades-long sectarian violence and terrorist acts seen on this island, north and south. But they are to be used against internet and telecoms companies, which will not be allowed to reveal that they are concerned about, say, the legality of a request. Nor the fact that they are being prosecuted. Nor the charge. Nor the outcome.
Ireland, with no explanation, has just introduced courts similar to the controversial Fisa courts in the US, which have been at the heart of congressional concerns about proper oversight of the National Security Agency’s activities.
The situation threatened to become a full-on constitutional challenge until a minister for justice, Michael McDowell, made data retention lawful by sneaking it into an unrelated Bill, passed by an almost empty Dáil with little discussion.
And that regime of data retention, eventually mandated by EU directive, was dramatically overturned this year in the European Court of Justice, after a High Court challenge by Digital Rights Ireland to the State’s data retention regime was referred to the court.
Which connects right back to the Minister’s statutory instrument, because – on the basis of the European court’s comprehensive judgment – the statutory instrument, in particular the secret in-camera courts, appears to be in violation of that ruling. It states that surveillance and data gathering must be proportional, with adequate oversight, and allow for retrospective notification if people or organisations are placed under surveillance. This would almost certainly invalidate the Government’s defence of needing the third part of the 2008 Act in order to comply with sections of the Treaty of Lisbon.
Instead, we have have the disgraceful prospect of surveillance without proper legal grounding, and secret prosecutions over secret interpretations of secret laws.