The Department of Justice's proposed data retention bill may have serious consequences, Karlin Lillington reports.
For weeks, the Government has been nervously eyeing Irish protests against the looming war in Iraq, wary of how those demonstrations might be viewed by American businesses.
Maybe officials should be looking inside Leinster House instead. For months, the Government has been steadily planning measures that could be far more likely to scare the deep pockets off American inward investment.
In addition, businesses fear increased legal risks and extra costs, and think the measures could affect the State's attractiveness as a place to do business.
The object of growing concern is the Department of Justice's proposed data retention bill - a piece of legislation that would require telecommunications operators to store traffic information about every fax, mobile and phone call, as well as email and internet usage, for three years; longer than any other EU state. Traffic information includes data about who sent and received calls and emails, where the sender and receiver were located, how long calls lasted, the size of emails, what web pages were visited, when and for how long. The content of calls and emails is not preserved.
"This is a really bad idea and makes no business sense whatsoever. In all dimensions this will have a very negative impact on Ireland's competitiveness as an e-business location," said Mr Annrai O'Toole, chairman of the Digital Business Council of the Chambers of Commerce of Ireland. He is also executive chairman of Cape Clear Software and one of the founders of Iona Technologies.
ICT Ireland, the information and communications technology industry group, is also worried. "The member companies are most concerned at developments at a national level regarding this proposed legislation," said director Mr Brendan Butler. "There has been little or no consultation with industry." He worries that such a bill could "damage Ireland's international reputation as a location of choice for foreign direct investment".
"Any legislation should mirror what's happening across the EU and not put Ireland at a disadvantage," said Mr Joe Macri, general manager of Microsoft Ireland, one of the largest multinationals operating here.
The push for new data retention powers comes from local and international law enforcement, which wants to be able to retrieve information it finds is "a huge requirement" for investigations, according to Assistant Garda Commissioner Joseph Egan. Mr Egan spoke on Monday at an information forum on the retention bill, organised in Dublin by the Department of Justice.
A bill needs to be introduced because "at the moment we have largely unregulated access to this information", Minister for Justice, Mr McDowell, said at the event. "There are no checks and balances outside of good faith and the good will of the security forces."
He hoped to strike a balance between the need to protect personal privacy and ensure national security, he said.
But Department officials have been presenting the issue as a simple attempt "to preserve the status quo in light of developments at EU level", according to a note sent to one organisation. They argue that telecoms companies have been keeping call data traffic for six years anyway.
But if the State had implemented the 1997 EU Data Protection Directive instead of delaying its implementation until last year - a delay so lengthy the EU threatened the State with legal action - six years of retention would have been illegal. As the case stands, this six-year policy has been challenged by Irish Data Protection Commissioner Mr Joe Meade, who feels six months is adequate - and this has created a legal limbo that the retention bill is intended to resolve.
However, the Department wants to include traffic information about emails and even Web-surfing details, an expansion that goes far beyond the "status quo".
In addition, it emerged this week that the Cabinet last April had secretly approved mandatory call data retention, to make sure it was stored until full legislation was in place. According to Mr Meade, Minister for Public Enterprise Ms O'Rourke issued a Direction and the Cabinet then told telecommunications operators to keep the Direction confidential.
Such a step means that the Republic is the only state in the western world with a mandatory data retention law in place. The Taoiseach, Mr Ahern, was asked by Sinn Féin Deputy Mr Aengus O Snodaigh why the Direction had been issued and then kept secret, but he claims Mr Ahern dodged the question.
Such revelations will not reassure the many industry groups who feel they have been kept in the dark about data retention plans.
Most technology and telecoms industry organisations had no idea a bill was being planned and weren't invited to the forum. These include industry stalwarts such as ICT Ireland, the Irish Software Association, the chambers of commerce and their digital business groups, the Association of Licensed Telecoms Operators (ALTO).
Telecoms operators and systems analysts say the costs and technical feasibility of introducing data retention on such a scale poses enormous, if not insurmountable, problems. "From a technical viewpoint, it's going to be very, very difficult to pin down what should and can be looked at," Mr Donal Cunningham of the Irish Systems Administrators Guild told the forum.
Web-based email - the type used by many of the September 11th terrorists for communications - would be particularly difficult to examine, he said.
Retaining traffic information about customer emails and internet activities would cost at least €34 million over four years for each large computer handling such information, according to a representative from Esat/BT who spoke at the forum.
Telecommunications and Internet Federation member Mr William Fagan said such costs would likely be passed on to consumers and businesses.
According to barrister Mr Denis Kelleher, who spoke at the forum, having sensitive trafficking information in databases for three years, looked after by local phone and internet companies, raises serious security and risk issues for many businesses.
"There is a concern that this policy may well damage this country's attractiveness," he said.
"Holding on to data on the basis that you might do something wrong is a premise that's very wrong, and doesn't equate to the type of democracy Ireland has aspired to," said Mr Fergus Gloster, EMEA vice-president for US company Salesforce.com and former technical director at Oracle Ireland. He fears the proposal "raises excessive barriers to doing business".
Dr Simon Dobson, managing director of travel software company Aurium, agrees. "Three years is quite a long time to hold data. The temptation to go searching it for suspects would be overwhelming." He said he wouldn't feel comfortable having traffic data held that could reveal negotiations with clients and sub-contractors, and expressed concern about how security at various telecoms providers could be guaranteed.
Ms Maria Farrell, policy adviser for the International Chamber of Commerce in Paris, said the ICC strongly opposed data retention: "Businesses feel the breadth of such proposals are very wide."
That's also the conclusion of a parliamentary group examining a 12-month data retention proposal in Britain, which recommended Britain opt for data preservation instead - the practice in the US, where data is retained as requested under warrant.
The report expressed concern that telecommunications operators might move operations offshore, and businesses handling data might leave Britain.
In addition, German businesses said they could not comply with British demands for retention as German laws are more stringent for protecting privacy, while Microsoft UK also expressed alarm at having to produce products solely for the market in Britain in an environment potentially damaging to the growth of the internet.
"Just because technology allows something to be done doesn't necessarily mean it should," said Mr Gloster.
"I think you're going to make Ireland a very unattractive place to do business, and companies may just go elsewhere.
"Should the Government be given access to your phone, email and internet records? Have your say on ireland.com/business. A selection of comments will be printed on the business pages tomorrow.
