Ireland to have RIP-like citizen spying act by early next year

Andrew Duffy

The article I have linked to and reproduced here is currently on the front page of the Irish Times website. It describes an act being worked on which will require providers of telecommunications, like mobile phone companies and ISPs, to keep detailed data on every individual's use of their services for four years. This is tantamount to a wiretap on every user of a phone or internet service in the country, whether under suspicion of illegal activity or not. When the similar RIP act was passed in the UK in November 2000, public outrage and a campaign of faxing MPs led to the act being suspended while it was rewritten to protect the privacy of innocent citizens.
Politicians are usally reasonable people; if you write to your representatives outlining your concerns you can help avoid this nasty step towards our becoming a state that spies upon its citizens.

http://www.ireland.com/newspaper/front/2002/1128/901350883HM1TECH.html

Department to store data on citizens for four years

Detailed personal data on every Irish citizen's phone and mobile calls, faxes, and e-mail and Internet usage will be retained for up to four years under a new Department of Justice Bill, writes Karlin Lillington

The Bill, which is being drafted and which the Minister, Mr McDowell, hopes to implement by next spring, requires that personal electronic data be retained for two to four years. At present, data may only be retained for a short period, exclusively for billing purposes - generally, three to six months - and then must be destroyed.

"We have serious concerns that this is treating everybody as a potential suspect in a crime," said Mr Malachy Murphy, e-rights convener with the Irish Council for Civil Liberties. "This would also appear to go against the European Convention on Human Rights, which has explicit protections for citizen privacy."

Data produced by digital networks can be highly revealing, while 3G mobile phone networks, with phones which regularly broadcast their location back to the network, will provide information on where a person is standing to within a few metres. The legislation could also demand that Internet service providers store information on all the individual web pages a subscriber has visited over four years.

It is understood that Department officials failed to consult any organisation other than the Garda Síochána in preparing legislation which would in effect overturn existing EU data protection directives. The Bill would also run counter to data protection provisions within the State's E-Commerce Act 2000 - considered essential for creating a supportive e-commerce environment where businesses and consumers can trust how their private information is stored and handled.

Officials within the Department of Justice are understood to be seeking a legal regime similar to that mandated by Britain's controversial Regulation of Investigatory Powers (RIP) Act.

In Britain, aspects of RIP are being rewritten after strong opposition to the initial Act from the House of Lords, the business community, privacy advocacy groups and the British media. The British government had to withdraw additional legislation dealing with the same areas of data retention as the Irish Bill after this provoked widespread outrage and anger.

"The RIP Act was incredibly controversial when passed, but that was nothing compared to the opposition to data retention," said Mr Ian Brown, director of British policy for the Foundation for Information Policy Research (FIPR).

"Creating a huge database that is lying there for years is a huge invitation for government misuse, much more for hackers, blackmailers, criminals and others."

Mr Brown said Britain and the Republic have been under pressure from American surveillance agencies such as the CIA and FBI to loosen protections on data privacy.

The Department of Justice did not respond to questions about the Bill's details.

dahamsta

Reposted from IIU...

Department to store data on citizens for four years
From: Ireland.com
Thursday, 28th November, 2002

Detailed personal data on every Irish citizen's phone and mobile calls, faxes, and e-mail and
Internet usage will be retained for up to four years under a new Department of Justice Bill, writes
Karlin Lillington

The Bill, which is being drafted and which the Minister, Mr McDowell, hopes to implement by next
spring, requires that personal electronic data be retained for two to four years. At present, data
may only be retained for a short period, exclusively for billing purposes - generally, three to six
months - and then must be destroyed.

"We have serious concerns that this is treating everybody as a potential suspect in a crime," said
Mr Malachy Murphy, e-rights convener with the Irish Council for Civil Liberties. "This would also
appear to go against the European Convention on Human Rights, which has explicit protections for
citizen privacy."

Data produced by digital networks can be highly revealing, while 3G mobile phone networks, with
phones which regularly broadcast their location back to the network, will provide information on
where a person is standing to within a few metres. The legislation could also demand that Internet
service providers store information on all the individual web pages a subscriber has visited over
four years.

It is understood that Department officials failed to consult any organisation other than the Garda
Síochána in preparing legislation which would in effect overturn existing EU data protection
directives. The Bill would also run counter to data protection provisions within the State's
E-Commerce Act 2000 - considered essential for creating a supportive e-commerce environment where
businesses and consumers can trust how their private information is stored and handled.

Officials within the Department of Justice are understood to be seeking a legal regime similar to
that mandated by Britain's controversial Regulation of Investigatory Powers (RIP) Act.

In Britain, aspects of RIP are being rewritten after strong opposition to the initial Act from the
House of Lords, the business community, privacy advocacy groups and the British media. The British
government had to withdraw additional legislation dealing with the same areas of data retention as
the Irish Bill after this provoked widespread outrage and anger.

"The RIP Act was incredibly controversial when passed, but that was nothing compared to the
opposition to data retention," said Mr Ian Brown, director of British policy for the Foundation for
Information Policy Research (FIPR).

"Creating a huge database that is lying there for years is a huge invitation for government misuse,
much more for hackers, blackmailers, criminals and others."

Mr Brown said Britain and the Republic have been under pressure from American surveillance agencies
such as the CIA and FBI to loosen protections on data privacy.

The Department of Justice did not respond to questions about the Bill's details.

Typedef

Well how about running all of your email through 3DES or blowfish and let the politicos try and search the entire keyspace for 3DES if they want to try and read your email?

If you and a friend want to exchange information without giving big brother access to it, then why not just write your message in your favorite text editor, encrypt it with 3DES where only you and recipient (x) know both DES keys, and laugh at the politicos if they try and crack it? Or run 3DES three times and have six DES keys, all different and then see the politicos try and crack 3DES run thrice......?

Basically, I don't trust the government and I'm quite sure that 'somewhere' said government lackies are keeping copies of correspondance and so on for 'security reasons'. So, for individual security, I'm thinking that I might just be implementing 'some form' of secure message exchange with my friends, possibly based around 3DES or blowfish encryption with keys only know to myself and my friends.

Is this an infringement of civil liberties? Well yes, of course it is. I am surprised that the government are being so 'transparent' and honest about wanting to snoop people's correspondance. It just makes people react to protect their privacy really. To my mind, this is a public relations exercise as the people who 'need' for reason (x) to have secure information exchange, can ultimately have it, with enough effort, it's ultimately Joe Soap (x), that the government will end up snooping and ironically enough it's Joe Soap (x) the government has least to fear from.

MrPudding

Originally posted by Typedef
Well how about running all of your email through 3DES or blowfish and let the politicos try and search the entire keyspace for 3DES if they want to try and read your email?

This would be the obvious solution, the problem is if they follow the RIP act from the UK you could end up in prison. The RIP act states that if you *receive* or send an email which is encrypted and will not or *cannot* provide the key to decrypt it to the police if requested, you can be put in prison.

Typedef

RIP act states that if you *receive* or send an email which is encrypted and will not or *cannot* provide the key to decrypt it to the police if requested, you can be put in prison.

Hmm, somehow, I'm thinking that if you or your friend suddenly 'lost' the sheet of paper with your 3DES keys written down, that a judge will not throw you in prison for that, I mean seriously cannot, is not analagous to will not and in a court of law I honestly don't see 'cannot' as being sufficient grounds for a conviction.

Sure the prosecution will try and prove that it is the case that you 'will not' provide the key, but in practice I doubt anyone 'could', be jailed because said person had suddenly 'lost the sheet of paper your honour' with your 3DES keys written on it.

You could become a techie martyr maybe, like that Norwegian bloke who made decss available.*

*Hardware I own, DVDs I bought, running operating system of my choice on hardware I paid for from money I earned... mumble, mumble.

daveirl

This post has been deleted.

daveirl

This post has been deleted.

gandalf

Both threads merged - see I can do other moderators things apart from banning people

Gandalf.

LizardKing

Sent an email to my local TD complaining ; doubt it'll do any good though....

amen

Encrypt yout email messages is fine but other proposed aspects of the bill supposedly include
:log of all the web pages visited
:phone calls
:mobile calls(including location information)


the state doesn't have a right to spy/store information on citizens who have been suspected of no crime and are not doing any thing illegal

as we seem to have an inability to seperate governement/business in this state will we find details leaked from this database to specific business interests ?

Whos going to store this information ? protect it from hackers ?
ensure its validity ?

a policy state is not far away

dahamsta

As amen points out, this isn't just about email, it's about everything you do while on the Internet or your mobile phone. I'll wait patiently for the old "nothing to hide" nugget to pop up, but while I'm waiting, think about this: This is /exactly/ the same as giving An Post permission to open your letters, photocopy them, and put them into storage "just in case".

How would you feel about that?

adam

daveirl

This post has been deleted.

Typedef

How would you feel about that?

I would be vehemently opposed obviously.

Vis-a-vis web browsing, I expect anonymous proxying could become popular, encryption for email too perhaps, vis-a-vis mobile phones, I think it's pretty much a dead loss as many of the mobile relay stations are literally right on top of Garda stations, which, forgive my cynical mind, implys to me that the Garda are 'already' tapping phone conversations, SMS and else.

I'm thinking what is really needed is some form of action group to resist this.

slackware

MrPudding

I agree with you 100% Typedef, was just pointing out what they were/are trying to do in the UK. They made a absolute balls of it there and I don't hold much hope for it being any better here.

As for the "if you have nothing to hide" bunch that will no doubt rear it's whinging head screaming "we must protect the children", I have nothing to hide but I don't want some tosser with nothing better to do looking through my mails and checking out who I phoned in the last 4 years.

Lemming

Originally posted by Typedef
RIP act states that if you *receive* or send an email which is encrypted and will not or *cannot* provide the key to decrypt it to the police if requested, you can be put in prison.

Hmm, somehow, I'm thinking that if you or your friend suddenly 'lost' the sheet of paper with your 3DES keys written down, that a judge will not throw you in prison for that, I mean seriously cannot, is not analagous to will not and in a court of law I honestly don't see 'cannot' as being sufficient grounds for a conviction.

iirc, MrPudding's quote above is the exact interpretation of the original RIP bill in the UK.

It made no distinction between inability and refusal on the part of the party in question. Either was tantamount to the same thing - the inability of law-enforcement to decrypt a message, and was thus a criminal offense.

Thanx 4 The Fish

I already encrypt any mails I send that are of a personal or sensitive nature and as far as looking at them is concerned, it would be quite hard to tell that they are encrypted. How could it be proven that a message is encrypted and not just (for example) poorly spelled ?

vinnyfitz

Not very reassuring denials From RTE lunch time radio:

McDowell rejects personal data claims

November 28, 2002

(14:52) The Minister for Justice, Michael McDowell, has said today's Irish Times report suggesting the State plans legislation to retain personal data such as phone records, e-mails and interest usage for up to four years, is misleading.

Speaking on RTE Radio, Mr McDowell said there were no Big Brother plans to retain any sort of information.

He said the bill would require electronic communications providers to keep certain data, should it become necessary in the investigation of serious criminal offences.

He said that already in certain circumstances, Garda superintendents could apply to providers for information when investigating serious offences.

I know you hate Real Player but here is the interview:
McDowell rejects personal data claims

http://www.rte.ie/news/2002/1128/newsatone/news1pm2a.ram

Typedef

Mr Brown said Britain and the Republic have been under pressure from American surveillance agencies
such as the CIA and FBI to loosen protections on data privacy.

The Department of Justice did not respond to questions about the Bill's details.

If this Orwellian piece of legislation is really in the offing, it must be stopped. I for one will not tolerate Big Brother snooping email, my browsing habits, the sort of bars I frequent, perhaps a profile about my socio-political ethos would be built up.

This is in a big way about the freedom of the individual to live free from obteuse state scrutiny. If you haven't comitted any crime, then why should the State track you as if you were a paedophile, rapist or murder, something this State fails to do at present?

Really, if I wanted to live in an Orwell book, there are many States around the world with sufficiently authoritarian governments (or so I'm told by the TV).

Also, I'm assuming that the freedom of information act pertaining to information kept on you by person (x) does not apply to the Irish RIP?

seamus

Originally posted by vinnyfitz
He said the bill would require electronic communications providers to keep certain data, should it become necessary in the investigation of serious criminal offences.

Well, though it's no different, this is already going on, with your phones. The telco's already have logged what numbers you've called and for how long, and also of all SMS's sent over the last 6 months. The Gardai can access this information if needed.

The emails thing is a bit different though. There is no reason to log emails other then for spying on individuals. I wouldn't mind too much this info being held if and only if a court order was required for anyone to access this information.....

Typedef

Clearly in the arena of email and web browsing the government has no remit to intrude.

As has been pointed out, would you give the post office permission to copy every correspondance you recieved? I sure wouldn't. What about web browsing? Who decides what is kosher and what is not? Can you imagine a brigade of the righteously indignant attempting to cull you from 'deviant' web sites? I don't mean kiddie porn, but I do think that at best the logging of web browsing is open to interpretation from others in a less than objective way.

dathi1

yes ...pre Nice referendum I was told that I was over the top on using the word Orwellian in relation to this matter by jc but even now post Nice you have a pro federeralist CD party like FG using the same word!
look it like it or lump it...we now are heading for a closed system power block with absolute control..and though I disagree with Bonkey's expert opinion on PGP encryption and data storage we are all potential suspects in the future USE united states of Europe as they lackey to their Christian right US counterparts.
they're doin well so far:
1. Data Surveillance
2. Kill of Irish Fishing for good by buying the industry out and letting the Big countries (Spain) into what's left of our 50 mile exclusion zone. (conservation my arse!)

Ajnag

Might I suggest a lobby group or a board in the community/activism, cause if its let rest and left to our fine political representives, then we are left facing a situation, where not only will you have to put up with the worst internet service in europe, but the fact that all you say and do on the net is on record, and given this countrys history probably will be abused to certain party ends.

or Maybe if Ioffl were to take it up as a secondary issue.I heard it was the e.u trying to push this one through

the post analogy is perfect to push the point.


As for the guards monitering gsm? doubt it, these were the people who almost quit work when forced to use a computer system, How ever I have heard that all Irish mobile calls are routed through british intelligence.Not sure on that one, just one of those rumours, as a friend said 'a listening post on every garda station'.

Also did anyone here ever hear of project echalone(sp), an attempt to moniter all information transmitted?

Typedef

Originally posted by Ajnag
Might I suggest a lobby group or a board in the community/activism

Actually I was alluding to that earlier..... I'll start the topic in admin if not already there.

Meh

Originally posted by dathi1
like it or lump it...we now are heading for a closed system power block with absolute control..and though I disagree with Bonkey's expert opinion on PGP encryption and data storage we are all potential suspects in the future USE united states of Europe as they lackey to their Christian right US counterparts.

Uh, the EU isn't mandating data retention. Under the relevant EU directive, each EU member is free to decide for itself on this matter (source).

This legislation is McDowell's own idea. I voted for him last election, so if this gets through you can all blame me . Needless to say, he won't be getting my vote again unless he drops this proposal.

Typedef

This was just posted to the ILUG (Irish Linux Users Mailing List)

Justin MacCarthy
The minister for Justice will be on George Hooks show, between 4.30 and 7pm today, regarding this issue. You can email questions for George to ask at therighthook@newstalk106.ie

Ajnag

sorry typedef,
didnt notice that.

Actually I was alluding to that earlier..... I'll start the topic in admin if not already there.

DiscoStu

Originally posted by Ajnag
Also did anyone here ever hear of project echalone(sp), an attempt to moniter all information transmitted?

echelon is one of those super conspiracies that really would be a little to difficult to pull off without anyone actually noticing. the base is supposed to ba a man made movable oilring type setup out in the middle of the pacific.

maybe it the freemaisons

/me off to play deus

my oul lad has always said within 30 years we will be in a police state. looks like he aint that mad.

Typedef

But, seriously. Detailed records of all faxes and email sent for every citizen?

To quote a great thespian

"1984, yeah right, that was a typo.... Orwell is here, he's living large"

seamus

Originally posted by DiscoStu
echelon is one of those super conspiracies that really would be a little to difficult to pull off without anyone actually noticing. the base is supposed to ba a man made movable oilring type setup out in the middle of the pacific.

maybe it the freemaisons

/me off to play deus

my oul lad has always said within 30 years we will be in a police state. looks like he aint that mad.

After Osama & co did the deed, they admitted it actually exists, but it's not as sinister as expected(Although saying that's a little like trying to prove that infinity-1 < infinity). Basically they scanned emails, phone convos and stuff for words like bomb, Osama, Terrorist, etc etc.

No link atm

bonkey

You know, the interesting thing in all of this is that no-one has noticed a key aspect....

The only "external" sources consulted were the gardai. Ergo, we can deduce that the phone companies and ISPs have not been consulted. I'm curious as to whether or not they will react, pointing out the costs and/or impossibility of implementing such measures.

Time after time, we have people telling us that the end is nigh because of a proposed piece of legislation which has not been fully drafted, not gone through the review process and not been voted into law.

Reading a bit more into the article, we see that it could involve a number of things, may involve some others, and if it does these things, will 'overturn' (polite word for contravene) existing EU legislation designed to prevent this type of stuff.

In short, this whole thing strikes me as a storm in a teacup at this stage. The entire article seems to be written in a tone implying "how stupid is the minister, if he thinks this will pass", as opposed to "batten down the hatches, big brother is here".

On an aside, Echelon exists, and is not some motile man-made island. (Where do people come up with these crazy ideas?) It is a joint project involving the US, Canada, UK, Australia and New Zealand. Its known to exist because the two southern-hemisphere nations have admitted as much. Its purpose is information gathering. Its exact capabilities are not known. Do a google search on the word if you want to know more - its not hard.

jc

dahamsta

Couple things. MrPudding said: "just pointing out what they were/are trying to do in the UK. They made a absolute balls of it there and I don't hold much hope for it being any better here."

They did make an absolute balls of it in the UK, but that just means that our Government has somewhat of an insight into how we'll deal with it. On top of that, Ireland's really nothing like the UK. They have a much larger population and more importantly a much larger population of activists. Irish people all too often accept now and complain later.

On the matter of the Minister's statement, call me an old conspiracy-theorist-lefty if you want, but I wouldn't be at all surprised if the original story came from a intentional leak intended to guage reaction. It's just shooting high with an eye to settling higher than people would normally expect. Like the FBU asking for 30% -- they know it's not going to happen, but guess what'll happen if they ask for what they expect?

The things that creeps me out about current governance is the whole "daddy knows best" bit, the way they try and slip stuff under the carpet, hope you won't notice. Watch McDowell avoid the question of what exactly this legislation will cover over the next few days. He's already at it: "certain data", "should it become necessary", "certain circumstances". That shouldn't be good enough for us.

adam