28.02.2008 - “From the age of uniformity, from the age of solitude, from the age of Big Brother, from the age of doublethink – greetings!” – George Orwell, 1984
We are about to enter into a state where every digital step you take is recorded. At the end of March, the Government will introduce the most draconian law in the history of personal privacy in Ireland: 24-hour internet monitoring. A log will be made of everyone’s internet activity and every email sent and received.

Greetings from the State of surveillance.

By the end of March 2008, the Irish Government will begin mass digital surveillance, noting when we log on and log off the internet, as well as every email we send and who we send it to. We have entered into a new democratic state where our entire digital footprint is recorded and stored for up to two years by our internet service providers (ISPs).

Legal professionals suggest the move equates to the mass digital surveillance of the entire people of Ireland and may leave the Government to weather a brewing legal storm over the issues of human rights and privacy.

The Criminal Justice (Terrorist Offences) Act 2005 implies that personal data would only ever be accessed in the situation of fighting terrorist offences.
But this is not the case: presently your stored telecommunications data may be accessed in the investigation of any crime, be it serious or trivial, in relation to a terrorist offence or not at all.

So what is the worst that can happen? Death, according to the personal weblog of law lecturer and chair of civil rights group Digital Rights Ireland, TJ McIntyre. He was referring to the case of a pensioner in the UK who died following a heart attack after a brick was thrown through the window of his house by an irate driver who felt he had taken her parking space at the local supermarket.

How did this woman track down the elderly man? Her boyfriend called in a favour from a policeman friend who provided the man’s home address after running his registration plate through the system.

Granted, this example is extreme, but even the ‘mildest’ outcome of this surveillance still means a massive storage headache for the Irish IT industry. A more severe case is a damaging security breach and public information leak. We have seen recent cases both in Ireland and the UK where breach of private data has ranged from criminal to accidental with far-reaching implications.

Here in Ireland several data leaks have occurred, including the case of a senior civil servant who accessed without authorisation and then sold the social welfare records of 40 different individuals to the media.

Furthermore, the Data Protection Commissioner, Billy Hawkes, doesn’t think the wide scope given to the Gardaí to access our stored data will be reined in.

“We are taking it that no attempt will be made to raise the bar from the current provisions which permit access to these records by the Gardaí when investigating ‘crime’, in order to bring them into line with the directive provision requiring access to records when investigating ‘serious crime’,” he says.

“Even more worrying is the recent loss of a laptop containing almost 175,000 patient records belonging to the Irish Blood Transfusion Service. The laptop was stolen from a worker at a New York blood bank who had taken it from the premises while carrying out a software upgrade. It contains files relating to 174,324 donor records and 3,294 patient blood group records made between July and October last year.”

This leaves us in a situation where the ISPs are investing in terabytes of extra storage to retain data that if lost or breached will affect everyone, while those who wish to avoid detection have the ability to do so.

The cost of this data retention weighs heavily on the minds of ISPs located here in Ireland.

If the Government was to go in line with the current data retention period of three years for telephony and decide upon the upper limit of two years for internet data, then this could have the effect of de-clawing the already ageing Celtic Tiger, warns Paul Durrant, general manager of the Internet Service Providers Association of Ireland (ISPAI).

“The ISPAI is very concerned that if the Irish Government decides upon a retention period of over six months, greater than most of our leading competitors in Europe, this could have a detrimental effect on the IT industry in Ireland, which has played such a central role in generating the Celtic Tiger and giving us the standard of living that we now have.

“People don’t realise how volatile and how mobile internet-based industries are. Marginal cost differences can have a huge impact on location-based decisions,” says Durrant.

Google, with European headquarters in Dublin, has previously expressed concern over the provisions of the EU Directive and its impact on consumer privacy, internet firms and the ISPs.

“Google isn’t just a large employer but a very significant one because it acts as a beacon for other high-tech firms and shows that Ireland is a serious player in the international market,” says Simon McGarr of McGarr Solicitors.

McGarr’s firm represents civil rights group Digital Rights Ireland in its ongoing case against domestic and EU data retention laws.

“When this data retention is extended to internet data, it requires ISPs to store information that they have absolutely no business requirements for. It is being stored purely to meet the requirements of this legislation and therefore is a huge additional burden on many ISPs,” Durrant observes.

Given the short timeframe for putting this legislation into action, the industry – ie ISPs – should know the score. They are charged with the responsibility of storing this vast bank of data on the Irish citizen, but frustratingly they are still not quite sure of their role in the process.

“We, as ISPs, do not have any difficulty with the objective of fighting serious crime but what we need are clear instructions on the expectations of governments across Europe as to what exactly it is we have to retain and when,” says Durrant.

Shane Deasy, managing director for wireless internet provider BitBuzz, while willing and able to comply with the new legislation, echoes Durrant’s sentiment: “There is a grey area – details we have yet to get answers to.

“The industry has met with the Department of Justice and has had several discussions on this forthcoming legislation but to my knowledge the industry has not yet been given information on exactly what data they are required to store and for how long.

“It may require a lot more storage on the part of the ISPs but at the moment we simply don’t know exactly what we are going to be asked to retain.”

If the notion of mass electronic surveillance makes you feel uncomfortable and you are left wondering when this democratic decision was made and why you didn’t add your tuppenceworth, it is probably worth mentioning that you never had a say in the first place.

Current data retention requirements in Ireland have their legal grounding in the Criminal Justice (Terrorist Offences) Act 2005, added on at the last minute and pushed through by the then Minister for Justice, Michael McDowell, without public discussion or visibility.

This time around it seems to be the same old story. “We have not yet seen any specific proposals from the Government, either in terms of a statutory instrument or anything else,” says Pat Rabbitte, Labour’s justice spokesman.

Rabbitte vows not to let this happen again with the impending EU data retention directive: “We will insist that this does not happen on this occasion and that all proposals in this area are properly discussed and their implications fully teased.”

Clearly opposition parties, civil rights groups and Irish citizens feel the need for more discussion surrounding the directive before it is rushed through by statutory instrument.

“The Irish Government claims it is introducing the directive now because it is running out of time but in fact it had the power to avail of a further exemption for another 18 months: something many other member states did but Ireland chose not to,” says McGarr.

The big question, he adds, is whether our civil rights under Article 8 of the European Convention on Human Rights are being upheld: “This is the mass surveillance of the people of Ireland.”

All this information is being stored about every innocent citizen out there and Durrant along with many others believes that it is in some ways turning around the whole reality of our legal system.

The real problem with this directive, he says, is that ISPs will be storing terabytes upon terabytes of data relating to innocent people who are doing nothing except going about their normal digital lives of browsing and emailing.

The adage of “the innocent have nothing to fear” is clearly not the case and McIntyre adds that data retention is trivially easy to circumvent, so those who want to avoid being detected will find a way regardless of mass digital surveillance.

“If you want to avoid data retention, there is simple software you can use to do it and simple mechanisms such as using a non-EU web-based email provider,” he said, adding that telephony monitoring can be avoided by purchasing a pre-pay mobile SIM card, which does not require registration.

“The criminals, who you really want to capture, are the very people who will take the trouble to know how to get around this, so although they will possibly leave digital footprints, it could be extremely difficult to find them.”
http://www.siliconrepublic.com/news/news.n...yid=single10383

I live in ireland myself and I find these measures are extremely harsh, Anyone else agree?

It's becoming the same everywhere. In each country it seems that the state is seeking to extend the scope of its powers and its duties so that it can preside over every aspect of living.