Why Ireland must protect privacy of Irish emails and internet usage from surveillance

‘There is a dawning Government realisation that individuals are concerned about privacy and, if nothing else, in order to keep attracting internet businesses Ireland must be seen as a nation which respects data protection and privacy’

It’s now over a year since Edward Snowden (above) went public with evidence of mass surveillance and extensive abuses by the NSA, GCHQ and other intelligence agencies. ‘The Data Protection Commissioner has had her funding doubled, while the Minister of State for Data Protection, Dara Murphy, has called for the US government to obey Irish laws in seeking to access information held by Microsoft in its Irish data centre.’ Photograph: AP Photo/The Guardian
It’s now over a year since Edward Snowden (above) went public with evidence of mass surveillance and extensive abuses by the NSA, GCHQ and other intelligence agencies. ‘The Data Protection Commissioner has had her funding doubled, while the Minister of State for Data Protection, Dara Murphy, has called for the US government to obey Irish laws in seeking to access information held by Microsoft in its Irish data centre.’ Photograph: AP Photo/The Guardian

It’s now over a year since Edward Snowden went public with evidence of mass surveillance and extensive abuses by the NSA, GCHQ and other intelligence agencies. In other countries these revelations prompted parliamentary inquiries, diplomatic representations and legislation. In Ireland the only response was a promise by the then Minister for Justice, Alan Shatter, to help extradite Mr Snowden should he land here.

This head in the sand posture has continued even after the publication of new documents showing how GCHQ targeted Ireland by tapping our fibre optic cables. This confirms that our emails and internet use are being caught in the Tempora system which stores the full content of internet traffic of all users for at least three days. However, the Taoiseach has refused to take any action on the basis that any surveillance “is being carried out within the UK’s own jurisdiction” – as if our privacy is any the less at risk if the cable is tapped at the Cornwall rather than the Wexford end.

The unwillingness to act reflects a wider problem, where successive governments have either neglected or been actively hostile to privacy online.

The Irish Government was one of the main proponents of the 2006 Data Retention Directive – a European law which required telecoms providers to spy on their customers by logging details of their movements, phone and email use, information which would then be available without any court order.

READ MORE

In a case brought by Digital Rights Ireland that law was struck down by the European Court of Justice, which found that it was a “wide-ranging and particularly serious interference with the fundamental right to privacy” which would result in “private lives being the subject of constant surveillance”.

Our domestic laws are equally flawed. The law on interception of communications has its origins in a 1982 scandal where Fianna Fáil minister for justice Seán Doherty signed warrants to tap the phones of journalists Geraldine Kennedy, Bruce Arnold and Vincent Browne in relation to their coverage of a leadership challenge to Charles Haughey. But despite that abuse the current law still leaves the power to tap phones in the hands of a politician rather than requiring applications to be approved by a judge.

Fig leaf

There is a figleaf of regulation by a designated High Court judge, who is supposed to “keep the operation of the law under review” in relation to telephone and internet surveillance. However, successive one-page “annual reports” from these designated judges have confirmed that they lack the capacity to provide effective oversight.

In particular, the designated judge system failed to spot the fact that one detective sergeant was using the data retention system to spy on her former partner and the system failed to identify a Garda practice where requests to telephone companies were being illegally rubber-stamped after the fact. In both cases these abuses were detected only by outsiders.

A further concern is the secret nature of the Irish system. There are no official statistics on the extent of telephone tapping and the Department of Justice has forbidden telecom providers to publish their own statistics.

The basis for interception of communications is a number of “ministerial directions” to telecoms firms, requiring them to establish surveillance systems. However both the contents and the identity of the firms involved are secret, and there is no clarity as to what the directions involve. One firm – Vodafone – has stated that these ministerial directions could even require direct State access to its network, bypassing any safeguards on its side. These secret directions certainly breach the requirements of the European Convention on Human Rights that the law on surveillance should be adequately accessible to the public.

These secret rules have recently been matched by a system of secret trials. One of the most fundamental aspects of the Constitution is that justice shall be administered in public. Even in rape trials and family law cases journalists can be present.

Secret trials

Despite this, the Minister for Justice has now signed into force a provision which would allow for entirely secret criminal trials – where the identity of the defendant and the fact of the trial is concealed – in cases where a telecoms company is unwilling to obey a ministerial direction to implement surveillance of its users.

If the system of ministerial directions were abused this would allow the government to silence the telecoms providers and ensure that they could not reveal that fact. This provision for secret trials over secret interpretations of secret rules is unacceptable in a democracy.

There is some light at the end of the tunnel. There is a dawning government realisation that individuals are concerned about privacy and, if nothing else, in order to keep attracting internet businesses Ireland must be seen as a nation which respects data protection and privacy.

The Data Protection Commissioner has been promised significantly increased funding and a new Dublin office, while the Minister of State for Data Protection, Dara Murphy, has called for the US government to obey Irish laws in seeking to access information held by Microsoft in its Irish data centre. These are welcome developments but need to be matched by significant reform of the system of surveillance in Ireland, as well as a willingness to stand up for the rights of Irish citizens internationally. Dr TJ McIntyre is a lecturer in the UCD Sutherland School of Law and chair of Digital Rights Ireland