Violations only made worse by new plans for data retention

 

The Government is planning an alarming expansion of its surveillance of citizens, writes TJ McIntyre.

SUPPOSE THAT someone was monitoring you every day, writing down your movements, making a note of everyone you talked to, copying the name and address on every letter you posted, and then storing that information for three years. Now suppose that every person in the country was under similar surveillance.

While this might seem like science fiction, since a secret ministerial order of 2002 the Government has required telephone companies to do just that. They are required to track the whereabouts of all users via their mobile phones, to log details (but not the content) of every telephone call made and every text message sent and to store that information for three years.

The Department of Justice now proposes to extend this to the internet, by requiring internet service providers to monitor the internet use of every person in Ireland, recording names, details of every e-mail or instant message sent and every time a user logs on, and to store that information for 12 months.

Moreover, they plan to do this in a way which will limit democratic scrutiny, by using a statutory instrument and not a Bill which would be examined by the Dáil and Seanad.

(Ironically, these proposals were revealed on the same day that thousands of Bank of Ireland customers learned that their confidential data had been stolen.)

This system has been given the bureaucratic and innocuous-sounding name "data retention". A more apt term, however, is "dataveillance" - surveillance through the use of databases. Unlike traditional targeted surveillance, it involves the gathering of information on all citizens - judge, journalist and jailbird alike - creating a digital dossier of their movements and communications, without any requirement for judicial authorisation or even police suspicion.

What protections are in place to limit the use of this information? The former minister for justice, Michael McDowell, promised that access to these databases would be an extraordinary measure, used to deal with serious crime and terrorism.

However, such safeguards were never implemented. Under current law gardaí can access these databases without a warrant, in respect of any crime (or even possible future crime), however trivial, and in respect of any person (not merely suspects). The result, according to the Data Protection Commissioner, is that more than 10,000 requests are made for this information every year - more than 300 per day.

European law should have changed this, by restricting access to cases of serious crime only. Generally under Irish law a serious offence is one which carries a possible prison sentence of five years or more. However, the current Department of Justice proposals cynically negate this safeguard by redefining serious offences for the purpose of data retention to mean offences which have a possible sentence of six months' imprisonment.

This will include such crimes as failure to move on when asked to do so by a garda.

There is also a likelihood that others will abuse or simply lose these records. In Germany it was revealed recently that Deutsche Telekom had been using telephone databases to spy on journalists who wrote unfavourably about the company. In the United Kingdom government departments have allowed confidential data on many millions of individuals to be compromised.

Here in Ireland officials in the Department of Social Welfare have been found by the Data Protection Commissioner to be engaged in the systematic leaking and selling of personal information from government databases. There is no reason to think that this information will be treated any differently.

Information gained from telephone and internet records can be valuable in the investigation and prosecution of crime - but there are other ways of ensuring that police can have access to this data without jeopardising the right to privacy.

In 2001 Ireland signed the Council of Europe Convention on Cybercrime, which achieved international agreement on a more proportionate "data preservation" system, which would enable police to mount surveillance and preserve evidence but would avoid blanket surveillance of all citizens at all times.

This system would still have provided for the use of this information in, for example, investigating the Omagh bombing.

But without any explanation, the Government has failed to implement the convention, jumping straight to the more intrusive option of data retention without first testing data preservation.

Privacy is a fundamental right, guaranteed under Irish, European and international law. Being able to go about our everyday business without systematic state scrutiny is an essential part of a democratic society. Data retention is something entirely new - it provides for pre-emptive surveillance of the entire population on the basis that some of them might at some stage commit some crime and that this information might then be of assistance.

In effect, it treats everyone as potentially guilty and as such reverses the presumption of innocence. Such ongoing monitoring of the entire population is remarkable in a democracy and is so excessive and disproportionate as to violate the right to privacy. No evidence has been put forward to show that it is necessary or that less intrusive alternatives would not suffice.

Digital Rights Ireland has brought a High Court challenge to Irish and European data retention laws, which will ultimately determine whether surveillance of all citizens can be compatible with the Constitution and the European Convention on Human Rights.

In the meantime, the Department of Justice proposals to extend data retention to the internet should at the very least be the subject of primary legislation, allowing for a full public discussion of these issues and democratic scrutiny by the Oireachtas.

TJ McIntyre is a solicitor, lecturer in law in UCD and chairman of Digital Rights Ireland