New laws on data protection and surveillance are threatening our ability to attract and retain investment by major multinationals, writes Karlin Lillington
Is Big Brother Irish? Some of Ireland's most prominent companies and top employers have now joined privacy advocates and international civil liberties organisations in worrying that this is the case.
Why? Because, in a decade, Ireland has gone from an international reputation as a moral voice for civil liberties, protective of personal and business privacy, to leading the drive in Europe for long-term storage of private data, from phone calls to e-mail.
Recent legislation - with more in the pipeline - has so alarmed companies such as Microsoft, Iona Technologies and Oracle that their much-respected company leaders, who are regularly consulted by the Government on a range of business issues, are now speaking out.
They are worried at the scope of current and proposed legislation on data retention and surveillance operations, and at the threat this poses to personal and business privacy, as well as by the lack of independent oversight of such legislation.
The implication is clear: Ireland's ability to attract and hang on to the Irish and multinational companies which underpin its economic success will be seriously damaged if the State does not haul back on such legislation.
Joe Macri, managing director of Microsoft Ireland, one of the Government's most prized multinationals, warns: "Irish legislation is going beyond what is required from an EU perspective and is going to put significant additional costs on businesses from an administrative and a capital investment perspective. While we respect and understand the needs and concerns of the law enforcement agencies, there is also a need to take personal privacy concerns and the broader needs of business into consideration."
The year-old Irish data retention law, which requires the storage of traffic information (but not content) of phone and mobile calls and faxes, currently has one of the longest storage periods in Europe at three years. In addition, a recent EU-mandated directive requires e-mail and internet data to also be stored.
Incoming EU legislation permits storage of data for between six months and two years, but Minister for Justice Michael McDowell has signalled an intention to take the EU to court to allow Ireland to hold data for even longer than the EU's maximum two-year period.
Cost concerns come from the extra burden placed on telecommunications and internet operators and, potentially, businesses themselves, for storing and managing the massive amounts of traffic data which are generated daily by the entire Irish population.
Eircom's Pat Galvin, vice-chairman of the Telecommunications and Internet Federation (TIF), says: "All network operators share the same concerns on costs and the operational impacts of retaining and retrieving data. At the end of the day, these costs will have to be recovered from customers."
BT Ireland has estimated these costs at €34 million annually to each server. Galvin believes Ireland's "punitive" retention period will send companies elsewhere in Europe.
Dr Chris Horn, co-founder and vice-chairman of Iona Technologies, says that given the Government's poor record on understanding as well as managing major information technology projects, from PPARS to Pulse to e-voting, "what confidence can the Irish public and businesses have that agencies of this State, and companies by law acting on their behalf, can adequately gather and in particular protect highly-sensitive information?"
Oracle Ireland chief executive Paul O'Riordan has expressed concern at the current lack of guidelines for the secure management of data or oversight of how this will be done.
Mr McDowell's recent reading out to the Seanad, in Irish, of a Bill which would allow phone-tapping and internet surveillance without warrants is a further example of the Government's opaque approach to introducing legislation giving Irish and foreign police wide-ranging powers to access personal data.
"There is not even the pretence of debate on any of these issues," says Malachy Murphy, Irish Council for Civil Liberties co-chairman. "It is not healthy in a democracy to have no true assessment of these proposals and their effects on the rights of Irish citizens."
The purposefully deceptive way in which the State has introduced all these measures has not only shocked privacy advocates and businesses here, but international observers.
Data retention was secretly brought in under Cabinet direction in 2002. When finally disclosed, the direction was lambasted by international civil liberties groups Privacy International in London and the Electronic Privacy Information Centre in Washington. University of Limerick constitutional law expert Prof Dermot Walsh questioned its legality.
After five threats of High Court action on the question of constitutionality, data retention was finally implemented last February as a minor amendment to the Criminal Justice (Terrorist Offences) Act 2005. The amendment was briefly debated, then passed before an almost empty Dáil chamber.
Critics say that for two years Mr McDowell had promised a full Oireachtas debate on a dedicated Bill for retention.
Kathryn Raleigh, chairwoman of industry body ICT Ireland, says the technology industry - which directly employs 100,000 people - is alarmed at the scope of what the Government is doing. "ICT Ireland examined the implications of the proposed legislation and expressed its grave concerns in relation to the Government's proposals."
None of the State's moves has been accidental. Before and since the implementation of data retention here, Ireland led the drive to introduce the controversial policy on an EU-wide basis.
Repeatedly voted down by the European Parliament and unanimously opposed by the European data protection commissioners, data retention was finally passed in a watered-down Bill last December.
This is all on the basis of "terrorist threats".
However, T.J. McIntyre, law lecturer at UCD and director of Digital Rights Ireland, says international law-enforcement agencies are playing on global terrorism fears to bring in long-sought surveillance and data retention legislation.
So-called "mission creep" has meant criminal offences and even civil offences are now folded into such legislation. "Even in the wake of the worst bombings in Ireland and Britain, there was no call for laws on this draconian level," McIntyre says.
And while the Garda and the Government regularly cite the Veronica Guerin and Omagh bombing cases as situations where call data was crucial to prosecutions, what they carefully do not add is that the data was obtained well within the six-month retention framework of our existing data protections laws.
The State has yet to cite a single case which required three years of retained data.
It has also shown little shame about stripping away the privacy of its citizens. But with multinational investment dollars and Irish jobs at stake, maybe, just maybe, the Government will realise that an open and welcoming business environment depends on an open, not a surveillance-based, society.